vendic / magento2-admin-password-policy
Implementation of policy for admin passwords.
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:magento2-module
Requires
- php: ~8.2.0||~8.3.0
- magento/framework: *
- magento/module-user: 101.2.*
This package is auto-updated.
Last update: 2025-04-28 14:57:08 UTC
README
This module adds additional rules for admin passwords. It ensures that the following criteria are met for admin passwords:
- Password does not contain first name, last name, username or email of the user.
- Password does not contain 'guest', 'admin', or 'password'.
- Password has at least one lowercase letter.
- Password has at least one uppercase letter.
- Password has at least one special character.
Additional rules can be added through di.xml to the rules constructor parameter of the following class: Vendic\AdminPasswordPolicy\Plugin\ValidatePassword
Additional forbidden words can be added through di.xml to the forbiddenWords constructor parameter of the following class: Vendic\AdminPasswordPolicy\Rules\DoesNotContain
Users who have not logged in the past 90 days will automatically be set on inactive by a cron job that runs every midnight. It is possible to exclude users from being marked as inactive via configuration.
Installation
composer require vendic/magento2-admin-password-policy
Configuration
None at this moment. Feel free to create a pull request if you need specific settings. Check the issues for tickets that need help.
Compatibility
- Magento 2 or Mage-OS ^2.4.4