Yes we should have these all but one. Will put it on the todo list. Rearranging in order of priority with some comments below:
1) Require passwords of various complexity (WIP= Work In Progress) 2) Force logout after x hours (WIP) 3) No re-use of the last password (WIP) 4) Force new password on first login (WIP) 5) Two-factor authentication for users with 'administrator' access 6) Lock account after x failed login attempts. 7) Force new password every x days. NO) No sequential passwords (for example, can't change your password from 'password1' to 'password2'). This is not possible because the server does not know the previous password, only the salted hash of it. If a site enforces this, that site is storing your password in the clear and I'd recommend you not use it. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/6cc5c37b-00b4-4695-affe-91cb51e267ef%40googlegroups.com.
