This plugin provides additional password restriction options when users are selecting their own password. NIST recommends the following for passwords:

• Establishing a minimum length
• Not limiting allowed characters
• Not requiring arbitrary complexity rules
• Checking passwords against known weak passwords
• Rate limiting failed password attempts

Additional arbitrary password complexity requirements are available, but not recommended.

The plugin also provides the following features:

• Force users to renew their passwords after a given time
• Disallow reusing the last N passwords

• OJS/OMP 3.4 or later

Install this as a "generic" plugin in OJS. The preferred installation method is through the Plugin Gallery.

To install manually via the filesystem, extract the contents of this archive to a "betterPassword" directory under "plugins/generic" in your OJS root. To install via Git submodule, target that same directory path: git submodule add https://github.com/ulsdevteam/pkp-betterPassword plugins/generic/betterPassword. Run the installation script to register this plugin, e.g.: php lib/pkp/tools/installPluginVersion.php plugins/generic/betterPassword/version.xml

Login as a Site Administrator and navigate to any context. Enable the plugin via Login -> Settings -> Website -> Plugins -> Better Password -> Enable.

To configure the plugin, you will need to select what types of restrictions you want to enable.

Written by Clinton Graham and Tazio Polanco for the University of Pittsburgh. Copyright (c) University of Pittsburgh.

Released under a license of GPL v2 or later.