Wiki source for UserSettingsAndPasswords
=====User Settings and Passwords=====
Here I'll share my efforts to make user registration, login/logout and password-handling a little more user-friendly as well as more secure. And apart from making sure the associated forms are XHTML-compliant, I'm also making them accessible according to the [[http://w3.org/WAI | WAI]] guidelines.
====Password length====
Currently the system only enforces a minimum password length of 5 characters. That's generally not considered a very secure password, so my first action was to make this minimum length Admin-configurable.
~1) edit **wikka.config.php** and add the following line:%%(php)"user_min_password" => "5", // default minimum password length%%
~~- if you want to have this generated on installation, add the same line to the **$wakkaDefaultConfig** array in **wikka.php**.
~1) edit **actions/usersettings.php** and replace every occurrence of %%(php)< 5%% with %%(php)< $this->config["user_min_password"]%%
Now minimum password length is Admin-configurable and will be enforced in ""UserSettings"" for registration and login. (Make sure any existing passwords are of sufficient length first!) A good minimum is 8 characters but this patch maintains the current default of 5 in Wikka.
''Um, I'm not one to speak from experience, but isn't the whole concept of a wiki supposed to render security irrelevent? Additionally, the wiki format (instead of a forum), is that editing a page is for non-registered users should be as easy and quick as possible. If anything, the default should be lower than 5 (like 2 characters). I appreciate the ability to configure the min_length, but does this have any ramfications on **/setup** files? Like in the case of upgrading?'' -- Sam
No, I don't think the concept of a Wiki is to make security irrelevant - just to make a community effort to maintain pages/information on the Web (or an intranet) easy. But many Wikis (including this one!) have been configured to require a user to have an account and be logged in to be able to edit any page.
The idea behind more secure passwords is not to make the **Wiki** more secure, but to make those **accounts** more secure - so someone else may not "take over" an account and then impersonate someone. And let's not forget that most Wikis also have a Wiki Master and one or more users with Admin rights - should anyone be able to easily take over those accounts? I think not (at that point security of user-supplied email addresses also becomes relevant).
Of course, if you think 2 characters is sufficient for __your__ Wiki, my patch (applied __once__) allows you to configure just that instead of replacing a constant in 10 locations or so (I didn't count). I just go in the other direction. ;-)
Upgrading is a good point though: I don't know how upgrading is implemented (yet) - I've only looked at a current installation and new setups so far. I'll look into that; I've only just started with Wikka... Thanks!
-- JavaWoman
==Strengthened password rules on existing site==
On an existing site where the password minimum length is increased the following situation can occur:
A user logs in with a valid (existing) password, but the rules have changed and it's now too short. The system should then enforce choosing a new password (of sufficient length).
I have this implemented now on my local machine. No single patch - part of my complete overhaul of the login/registration fucntionality. Will post completed code later...
-- JavaWoman
''Thanks for your work on this JW :) Looking forward to seeing this "prompt" for a new password. Just my two cents here: from a user standpoint, it's easier to work with a single password for a single site. That is, this prompt seems excessive. If a user chooses a 2 letter password (when it was okay to do so), then she probably doesn't care about security. Whereas if it was to be secure, you'd choose something dramatic. Additionally, on a social side, it's cool to have a unique password. I have a 5 character password for one of my Hotmail accounts whereas you need 6 characters when signing for a new account. Cool!'' -- Sam
OK, Sam, you have a point about it being more use-friendly if a once-accepted password can remain the same. I could make it (WikiAdmin-)configurable; that way you could have a once-valid password remain valid (but still apply new rules when the user wants to change the password), and have that the default behavior; or the WikiAdmin could choose to enforce the new rules and have a prompt for a new password on login. How does that sound?
[One thing though: many people actually have no idea about password security or what __makes__ a password secure. I've overheard people telling each other how to choose this weird thing called a password .... not that they didn't care - they just had no idea! :) Then again, probably [[WikiUser]]s are a little wiser!]
-- JavaWoman
-----
CategoryUserContributions
Here I'll share my efforts to make user registration, login/logout and password-handling a little more user-friendly as well as more secure. And apart from making sure the associated forms are XHTML-compliant, I'm also making them accessible according to the [[http://w3.org/WAI | WAI]] guidelines.
====Password length====
Currently the system only enforces a minimum password length of 5 characters. That's generally not considered a very secure password, so my first action was to make this minimum length Admin-configurable.
~1) edit **wikka.config.php** and add the following line:%%(php)"user_min_password" => "5", // default minimum password length%%
~~- if you want to have this generated on installation, add the same line to the **$wakkaDefaultConfig** array in **wikka.php**.
~1) edit **actions/usersettings.php** and replace every occurrence of %%(php)< 5%% with %%(php)< $this->config["user_min_password"]%%
Now minimum password length is Admin-configurable and will be enforced in ""UserSettings"" for registration and login. (Make sure any existing passwords are of sufficient length first!) A good minimum is 8 characters but this patch maintains the current default of 5 in Wikka.
''Um, I'm not one to speak from experience, but isn't the whole concept of a wiki supposed to render security irrelevent? Additionally, the wiki format (instead of a forum), is that editing a page is for non-registered users should be as easy and quick as possible. If anything, the default should be lower than 5 (like 2 characters). I appreciate the ability to configure the min_length, but does this have any ramfications on **/setup** files? Like in the case of upgrading?'' -- Sam
No, I don't think the concept of a Wiki is to make security irrelevant - just to make a community effort to maintain pages/information on the Web (or an intranet) easy. But many Wikis (including this one!) have been configured to require a user to have an account and be logged in to be able to edit any page.
The idea behind more secure passwords is not to make the **Wiki** more secure, but to make those **accounts** more secure - so someone else may not "take over" an account and then impersonate someone. And let's not forget that most Wikis also have a Wiki Master and one or more users with Admin rights - should anyone be able to easily take over those accounts? I think not (at that point security of user-supplied email addresses also becomes relevant).
Of course, if you think 2 characters is sufficient for __your__ Wiki, my patch (applied __once__) allows you to configure just that instead of replacing a constant in 10 locations or so (I didn't count). I just go in the other direction. ;-)
Upgrading is a good point though: I don't know how upgrading is implemented (yet) - I've only looked at a current installation and new setups so far. I'll look into that; I've only just started with Wikka... Thanks!
-- JavaWoman
==Strengthened password rules on existing site==
On an existing site where the password minimum length is increased the following situation can occur:
A user logs in with a valid (existing) password, but the rules have changed and it's now too short. The system should then enforce choosing a new password (of sufficient length).
I have this implemented now on my local machine. No single patch - part of my complete overhaul of the login/registration fucntionality. Will post completed code later...
-- JavaWoman
''Thanks for your work on this JW :) Looking forward to seeing this "prompt" for a new password. Just my two cents here: from a user standpoint, it's easier to work with a single password for a single site. That is, this prompt seems excessive. If a user chooses a 2 letter password (when it was okay to do so), then she probably doesn't care about security. Whereas if it was to be secure, you'd choose something dramatic. Additionally, on a social side, it's cool to have a unique password. I have a 5 character password for one of my Hotmail accounts whereas you need 6 characters when signing for a new account. Cool!'' -- Sam
OK, Sam, you have a point about it being more use-friendly if a once-accepted password can remain the same. I could make it (WikiAdmin-)configurable; that way you could have a once-valid password remain valid (but still apply new rules when the user wants to change the password), and have that the default behavior; or the WikiAdmin could choose to enforce the new rules and have a prompt for a new password on login. How does that sound?
[One thing though: many people actually have no idea about password security or what __makes__ a password secure. I've overheard people telling each other how to choose this weird thing called a password .... not that they didn't care - they just had no idea! :) Then again, probably [[WikiUser]]s are a little wiser!]
-- JavaWoman
-----
CategoryUserContributions
