This is an old revision of the document!
Mantis currently lacks support for advanced password security features
commonly employed by security concious applications / organisations. These
features are important when the database contains sensitive information
and users may be inclined to use weak passwords.
The features that would be required are:
Add a password history table.
[Optional] Add a password_updated field to the user table. This is duplication of information, though could simplify integration tasks and implementation where password history is not required.
Add a configuration option for the password strength threshold
Add a configuration option for the password usage period (eg how often it must be changed)
Add a configuration option for the size of the password history
Support password strength checking on password update page.
Support password history checking on password update page.
Support password expiration checking as part of authentication process.
Please add your comments and feedback in this section.