Validators for users’ password¶
By default, Tuleap enforces that password are at least 8 characters. You can define your own rules to validate users’ passwords. Here is an example of rules:
- Password must contain at least 8 characters
- Password must contain at least 2 capital letter
- Password must contain at least 3 non-digit characters
site-content/*/account/password_strategy.txt for details.
Rejection of compromised passwords¶
Tuleap tries to reject passwords commonly found in data breaches. In order to do that it communicates with the Have I Been Pwned service. Password secrecy is however always respected and nobody is able to know the passwords of your users.
The feature activation can be managed from the site administration.