EnxDev commented on issue #37927: URL: https://github.com/apache/superset/issues/37927#issuecomment-3936907905
> ```
> # Password policy
> PASSWORD_MIN_LENGTH = 12
> PASSWORD_REQUIRE_UPPERCASE = True
> PASSWORD_REQUIRE_LOWERCASE = True
> PASSWORD_REQUIRE_DIGIT = True
> PASSWORD_REQUIRE_SPECIAL = True
> PASSWORD_COMMON_LIST_CHECK = True
> ```
>
> Regarding password policy, I would want to delegate this to the user's responsibility. Most modern password managers have their own password generator mechanisms with varying options and, if they follow best practice, the generated password should tick all of the requirements.
>
> In addition, it'd simplify the possible architecture and subsequent implementation.

It's true that users who rely on password managers already generate strong passwords, and enforcing strict policies can feel unnecessary or even annoying for them. It's also true that avoiding complex policies simplifies implementation. However, we can't assume that all users rely on password managers. Superset with `AUTH_DB` is widely used in enterprise on-prem environments, small teams, and development setups: contexts where users often register with weak passwords like `superset123` or `Password1`. Password policies aren't meant for users who already follow best practices; they exist as a safety net for those who don't.
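To make the "safety net" argument concrete, here is an added illustration (not Superset code, and not from any participant in this thread) of a validator that applies the settings quoted above; the `PASSWORD_*` names are the proposed keys from the issue, not existing Superset configuration, and the common-password list is a constructed stand-in for a real wordlist.

```python
import string

# Proposed policy values as quoted in the issue (hypothetical keys, not current Superset config).
PASSWORD_MIN_LENGTH = 12
PASSWORD_REQUIRE_UPPERCASE = True
PASSWORD_REQUIRE_LOWERCASE = True
PASSWORD_REQUIRE_DIGIT = True
PASSWORD_REQUIRE_SPECIAL = True
PASSWORD_COMMON_LIST_CHECK = True

# Constructed stand-in for a common/breached-password list. A real deployment
# would load a published wordlist and normalise it to lowercase.
COMMON_PASSWORDS = frozenset(
    {"password", "password1", "superset", "superset123", "admin", "welcome1"}
)


def _alpha_core(password: str) -> str:
    """Lowercase and keep only letters, so 'Superset123!' still matches 'superset'."""
    return "".join(ch for ch in password.lower() if ch.isalpha())


def password_policy_errors(password: str) -> list[str]:
    """Return every policy violation found; an empty list means the password passes."""
    errors: list[str] = []
    if len(password) < PASSWORD_MIN_LENGTH:
        errors.append(f"shorter than {PASSWORD_MIN_LENGTH} characters")
    if PASSWORD_REQUIRE_UPPERCASE and not any(c.isupper() for c in password):
        errors.append("no uppercase letter")
    if PASSWORD_REQUIRE_LOWERCASE and not any(c.islower() for c in password):
        errors.append("no lowercase letter")
    if PASSWORD_REQUIRE_DIGIT and not any(c.isdigit() for c in password):
        errors.append("no digit")
    if PASSWORD_REQUIRE_SPECIAL and not any(c in string.punctuation for c in password):
        errors.append("no special character")
    if PASSWORD_COMMON_LIST_CHECK:
        # Check both the exact lowercase value and its alphabetic core, so that
        # complexity-satisfying variants of a common word are still rejected.
        if password.lower() in COMMON_PASSWORDS or _alpha_core(password) in COMMON_PASSWORDS:
            errors.append("matches a common password")
    return errors


def is_password_acceptable(password: str) -> bool:
    """Convenience wrapper: True only when no policy rule is violated."""
    return not password_policy_errors(password)
```

The two weak examples from the thread fail on several rules at once, while a variant such as `Superset123!` satisfies every complexity rule and is caught only by the common-list check, which is why that check matters more than the character-class rules.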
