Celebrate 20 years of Drupal with us! April is DrupalFest, a month-long series of virtual events focused on community, contribution, and the positive impacts made possible with Drupal.
By AohRveTPV on , updated
This module provides a way to enforce restrictions on user passwords by defining password policies.
Overview
A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.
Example: an uppercase constraint (with a parameter of 2) and a digit constraint (with a parameter of 4) means that a user password must have at least 2 uppercase letters and at least 4 digits for it to be accepted.
8.x-3.x released
A version for Drupal 8 has been released for feedback. Constraints are now plugins. Please see the example constraints bundled as submodules to this release. Formal documentation will soon follow.
Features
Current constraints include:
- Character types
- Digit
- Letter
- Letter/Digit (Alphanumeric)
- Length
- Uppercase
- Lowercase
- Punctuation
- Delay
- Username
- Digit placement
- History (checks hashed password against a collection of user's previous hashed passwords looking for recent duplicates)
The module also implements a password expiration feature. The user is forced to change their password and is optionally blocked when their old password expires.
Administrators can force specific users or entire roles to change their password on their next login and can make a password tab available to users instead of the usual user/#/edit page for password changes.
Other Releases
7.x-2.x is a major rewrite to include several of the features most lacking from 7.x-1.x: natively exportable configurations, cleaner administrator UI, and easier implementation of your own policies in other modules. Features requests should be made against this branch instead of 7.x-1.x. Note: #2027019: Upgrade from 7.x-1.x to 7.x-2.x not possible
Limitations
Password policies only apply to passwords set via user forms in the web interface. Passwords changed by other means (Drush, web services, etc.) may not be subject to password policy constraints. Please see the following issue if you would like to contribute to removing this limitation: #2451159: Password policy doesn't work when updating the user
Complementary Modules
Supporting organizations:
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Module categories: Security, User Access & Authentication, User Management
51,270 sites report using this module
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Downloads
8.x-3.0-beta1
Requires Drupal: ^8 || ^9
✓ Recommended by the project’s maintainer.
Drupal 9 compatibility and random improvements to stabilize the module
⬇ Download tar.gz (36.94 KB) | zip (88.14 KB)
Development version: 8.x-3.x-dev updated 20 Jul 2020 at 01:20 UTC
- Testing result: PHP 7.2 & MySQL 5.5, D8.9.1 50 pass all results
7.x-2.0-alpha8
Requires Drupal: 7.x
⬇ Download tar.gz (32.42 KB) | zip (46.86 KB)
Development version: 7.x-2.x-dev updated 23 Jul 2019 at 04:43 UTC
- Testing result: PHP 5.3 & MySQL 5.5, D7 25 pass all results
7.x-1.16
Requires Drupal: 7.x
✓ Recommended by the project’s maintainer.
⬇ Download tar.gz (49.27 KB) | zip (66.92 KB)
Development version: 7.x-1.x-dev updated 21 Mar 2019 at 21:28 UTC
- Testing result: PHP 5.3 & MySQL 5.5, D7 65 pass all results
