I think we could add some choices for the Admin in the Config, to decide how secure his XOOPS installations should be.
For example, the Admin could decide on issues like:
- what is the minimum length of the required password
- should special characters be required
- when should the password expire (e.g. every 6 months)
So by letting the Admin decide how rigid they want to be with security, we will make a better XOOPS, without forcing it on people.
Regarding education, we could add to Registration the same "password security" check as there is during installation, so the user is aware that his password is not secure. (BTW - to check your own password, check it on the Website from Steve Gibson, a known security expert)
To create SUPER SECURE passwords, go to another site by Steve Gibson.
Some people are recommending longer but easy-to-remember passwords rather than short and complex ones. See this article, although the discussion is still going on, as you can see from this article.
However, the password suggested by the first author, "yummy salted peanuts", seemed to be pretty secure, as tested by the Haystack Website.
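
The three settings proposed in this post (minimum length, required special characters, expiry) could be enforced at registration and login roughly as follows. This is an added example, not part of the original post and not XOOPS's own code; the `$policy` keys and both function names are hypothetical, and the sample inputs are constructed.

```php
<?php
// Hypothetical admin-configurable policy; the keys mirror the three options
// proposed in the post and are not real XOOPS config names.
$policy = [
    'min_length'      => 10,   // minimum password length
    'require_special' => true, // require at least one non-alphanumeric character
    'max_age_months'  => 6,    // expire after this many months; 0 disables expiry
];

/** Return a list of policy violations for a candidate password (empty = accepted). */
function checkPasswordPolicy(string $password, array $policy): array
{
    $errors = [];
    // Count characters, not bytes, so multi-byte passphrases are measured fairly.
    $length = function_exists('mb_strlen') ? mb_strlen($password, 'UTF-8') : strlen($password);
    if ($length < $policy['min_length']) {
        $errors[] = "Password must be at least {$policy['min_length']} characters long.";
    }
    // Anything that is not a letter or digit counts as special (spaces included).
    if ($policy['require_special'] && !preg_match('/[^\p{L}\p{N}]/u', $password)) {
        $errors[] = 'Password must contain at least one special character.';
    }
    return $errors;
}

/** Tell whether a password set at $changedAt has outlived the configured maximum age. */
function isPasswordExpired(DateTimeImmutable $changedAt, array $policy, DateTimeImmutable $now): bool
{
    if ($policy['max_age_months'] <= 0) {
        return false; // expiry switched off by the admin
    }
    $expiresAt = $changedAt->add(new DateInterval('P' . (int) $policy['max_age_months'] . 'M'));
    return $now >= $expiresAt;
}

// Constructed sample inputs.
$now = new DateTimeImmutable('2024-07-01');
foreach (['peanuts', 'yummy salted peanuts'] as $candidate) {
    $errors = checkPasswordPolicy($candidate, $policy);
    echo $candidate, ': ', $errors ? implode(' ', $errors) : 'accepted', PHP_EOL;
}
var_dump(isPasswordExpired(new DateTimeImmutable('2023-12-15'), $policy, $now)); // changed over 6 months ago
var_dump(isPasswordExpired(new DateTimeImmutable('2024-03-01'), $policy, $now)); // still within 6 months
```

Because spaces count as special characters here, a long passphrase passes the same check that rejects a short single word, which keeps the policy compatible with the "longer but easy to remember" approach mentioned in the post.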