Add reporting on compliance (or failure) with complexity requirements
jvalente-salemstate opened this issue · comments
I tried to work on this myself last year, and have a Python function working that determines whether a password meets specific password complexity criteria. However, due to lack of skill in building the HTML pages I haven't managed to get this into the DPAT output, and instead just use the output DB to write a CSV of non-compliant users. The function below is for a sample complexity requirement of 14 characters and 3 of 4 character sets (upper, lower, digit, special character). Additional work may be needed to add banned wordlists and whatnot.
```python
def check_complexity(pw):
    # Characters counted as "special". NOTE: may be missing possible valid characters.
    # Raw string so the backslash is kept literally (a plain "\|" is an invalid escape).
    spec_char = r"!@#$%^&*()_+?<>;:'./,{}[]\|~`-="
    contsets = 0
    if len(pw) < 14:
        return False
    # Count how many of the four character sets the password uses
    if any(i.isupper() for i in pw): contsets += 1
    if any(i.islower() for i in pw): contsets += 1
    if any(i.isdigit() for i in pw): contsets += 1
    if any(i in spec_char for i in pw): contsets += 1
    return contsets >= 3
```
Use cases include estimating the workload of implementing a new policy, or identifying users who have retained passwords that don't comply with the current policy for whatever reason.
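To show what the requested report could look like end to end, here is an added example (not DPAT's code and not the issue author's function) that makes the policy configurable, records *why* each password fails rather than just a boolean, adds the banned-wordlist and account-name checks mentioned above, and emits the non-compliant-user CSV. It assumes the cracked credentials are already available as `(username, password)` pairs; the sample rows are constructed for the example and are not real credentials. It also treats any character that is neither a letter nor a digit as "special", which is broader than a fixed punctuation list.

```python
"""Policy-compliance report over (username, cleartext password) pairs.

Added example, not part of DPAT. Input is assumed to be a list of
(username, password) tuples; how you pull those out of the DPAT DB is up to you.
"""
import csv
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    min_length: int = 14
    min_charsets: int = 3                   # the "3 of 4 sets" rule
    banned_words: frozenset = frozenset()   # matched case-insensitively as substrings
    forbid_username: bool = True            # reject passwords that contain the account name


def charsets_used(pw: str) -> set:
    """Return the subset of {upper, lower, digit, special} present in pw.
    Anything that is not a letter or digit counts as special (assumption: wider than
    a fixed punctuation list, so spaces and Unicode symbols also qualify)."""
    used = set()
    for ch in pw:
        if ch.isupper():
            used.add("upper")
        elif ch.islower():
            used.add("lower")
        elif ch.isdigit():
            used.add("digit")
        else:
            used.add("special")
    return used


def check_complexity(pw: str, policy: Policy = Policy(), username: str = "") -> list:
    """Return the list of reasons pw fails policy; an empty list means compliant."""
    reasons = []
    if len(pw) < policy.min_length:
        reasons.append(f"length {len(pw)} < {policy.min_length}")
    used = charsets_used(pw)
    if len(used) < policy.min_charsets:
        reasons.append(f"only {len(used)} of {policy.min_charsets} required character sets "
                       f"({', '.join(sorted(used))})")
    low = pw.lower()
    for word in sorted(policy.banned_words):
        if word.lower() in low:
            reasons.append(f"contains banned word '{word}'")
    # Account-name rule: skip very short names that would match almost anything
    if policy.forbid_username and len(username) >= 3 and username.lower() in low:
        reasons.append("contains account name")
    return reasons


def audit(records, policy: Policy = Policy()):
    """records: iterable of (username, password). Returns (summary, non-compliant rows)."""
    rows = []
    total = 0
    for user, pw in records:
        total += 1
        reasons = check_complexity(pw, policy, user)
        if reasons:
            rows.append({"user": user, "length": len(pw),
                         "charsets": len(charsets_used(pw)),
                         "reasons": "; ".join(reasons)})
    summary = {"total": total, "non_compliant": len(rows), "compliant": total - len(rows)}
    return summary, rows


def to_csv(rows) -> str:
    """Render the non-compliant rows as CSV text (write it to a file as needed)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["user", "length", "charsets", "reasons"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


# Constructed sample data for the example; not real credentials.
SAMPLE = [
    ("alice", "Summer2023!Winter"),     # 17 chars, 4 sets: compliant
    ("bob", "Password12345"),           # 13 chars and contains a banned word
    ("carol", "correcthorsebattery"),   # long enough but lowercase only
    ("dave", "Dave-Is-The-Best!!"),     # contains the account name
    ("erin", "AcmeCorp2024#!"),         # contains the banned word "acme"
]
POLICY = Policy(banned_words=frozenset({"acme", "password"}))

if __name__ == "__main__":
    summary, rows = audit(SAMPLE, POLICY)
    print(summary)
    print(to_csv(rows), end="")
```

The per-user reasons column is what makes the report useful for workload estimation: a population that mostly fails on length needs a different communication than one that mostly trips the banned wordlist.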