Opened 7 years ago
#33 new defect
Password : Validation : implement password strength requirement for all password fields
| Reported by: | victor | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Version: | ||
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
document: Additional tasks for ITCPay.docx
About password strength validation in ITCPay, as mentioned in 11th document, ITCPay site is accepting passwords like 12345678 in personal account sign up page and business account sign up page even though the password doesn't meet our password strength requirement. Our password strength requirement is-
The password must contain – at least 8 characters, at least 1 letter, at least one number/special character.
Now we have found that not only in the 2 sign up pages (personal and business), password strength validation is not working correctly in other pages containing password boxes as well.
For example, password strength validation is not working in the password changing page under "My account".
Password strength validation is also not working in the password resetting page that appears after clicking the password retrieval link sent to the user's email address following a "Forgot password" request.
Password strength validation is not working in the "Change password" page in the admin panel.
In all the cases, passwords like 12345678 are being accepted.
So you have to make necessary correction now so that password strength validation works correctly in all the pages.
