Simple password policy

INTRODUCTION

This module implements a simple account policy with the following configurable set of fixed rules:

• minimum password length
• minimum amount of lowercase chars (a-z)
• minimum amount of uppercase chars (A-Z)
• minimum amount of numeric chars (0-9)
• minimum amount of special chars not(a-z A-Z 0-9)
• minimum amount of old password allowed
• period in which old passwords are not allowed
• check paswword is not similar to username

The module will also notify the user his password is expired and will send a warning mail ahead of time.

• expire the password after period
• send email password is about to expire

Password policy can be ignored using:

• ignore password policy expiration check on configured routes:
• don't apply policy for users matching a pattern
• applying the permission 'bypass password policy'

SIMILAR MODULES

If you want more control over the rules and how a password policy should apply, the password_policy module is more
enhanced. If you want more strict rules, password_strength might be an option too. This module was build to keep it
simple.

* password_policy
* password_strength

REQUIREMENTS

This does not require any other module.

RECOMMENDED MODULES

None

INSTALLATION

Install as you would normally install a contributed Drupal module. Visit
https://www.drupal.org/node/1897420 for further information.

CONFIGURATION

General usage

After installing the module is configured with these default rules:

• min_length: 12
• min_lowercase: 1
• min_uppercase: 1
• min_numeric: 1
• min_special: 1
• min_old: ''
• min_old_age: ''
• similar_username: ''
• ignore_routes:
  • 'entity.user.edit_form'
  • 'system.ajax'
  • 'user.logout'
  • 'admin_toolbar_tools.flush'
  • 'user.pass'
  • 'image.style_public'
• ignore_users: { }
• expire_period: '1 year'
• expire_warning: '3 weeks'

Configuration is found under the "People" configuration item.
/admin/config/people/password_policy