Password Complexity in Omeka

Is there a plugin for Omeka to protect against brute force attacks? If not, how can I provide security to my Omeka site?
Is there a way to implement password complexity in Omeka for users that attempt to log in?

I saw that there is a parameter for setting the length of a password (min and max), but is there a way to make sure the password fits these criteria:

  • doesn’t contain the username
  • contains at least one lowercase, one uppercase, one digit and a special character (comma, period, exclamation mark, etc.)

Also, is there a way to deactivate the account after X unsuccessful password entries?

If this doesn’t exist, how would you implement it?

Any help on this would be greatly appreciated.

Hi

I’d like to repost these questions as I have the same needs. The password requirements are so weak, and we’d like to integrate with Active Directory. Any thoughts?

I built a module for that on Omeka S (https://github.com/Daniel-KM/Omeka-S-module-Lockout), but I didn’t backport it to Omeka Classic. It doesn’t check the quality of the password (it’s the responsibility of the user), but it avoids brute force attacks.

I realize this post is old, but has anyone since built something for complexity? We are using the Guest User plug-in and it’s creating a bit of a headache… some users are creating passwords that match their usernames (especially spam users from Russia…). Or any suggestions on how to go about forcing users to create more complex passwords?
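
As an added example (not part of the thread, and not code from Omeka, Guest User or the Lockout module): the criteria listed in the first post and the "X unsuccessful entries" lockout, written as standalone PHP. The function and class names are hypothetical, the mbstring extension is assumed, and the failure counter is kept in memory only; wiring it into a plugin's form validation and login handling is left out.

```php
<?php
// Added example: standalone PHP, not Omeka or plugin code. All names are hypothetical.
function passwordPolicyErrors(string $username, string $password, int $minLength = 8): array
{
    $errors = [];
    if (mb_strlen($password) < $minLength) {
        $errors[] = "must be at least $minLength characters";
    }
    // Case-insensitive, so "Alice2024!" is rejected for the user "alice".
    if ($username !== '' && mb_stripos($password, $username) !== false) {
        $errors[] = 'must not contain the username';
    }
    $classes = [
        'a lowercase letter'  => '/\p{Ll}/u',
        'an uppercase letter' => '/\p{Lu}/u',
        'a digit'             => '/\d/',
        'a special character' => '/[^\p{L}\p{N}\s]/u',
    ];
    foreach ($classes as $label => $pattern) {
        if (!preg_match($pattern, $password)) {
            $errors[] = "must contain $label";
        }
    }
    return $errors; // an empty array means the password is accepted
}

// Counts consecutive failures per username (in memory here; a plugin would persist this).
final class FailedLoginTracker
{
    private $failures = [];
    private $maxAttempts;
    public function __construct(int $maxAttempts = 5) { $this->maxAttempts = $maxAttempts; }

    public function isLocked(string $username): bool
    {
        return ($this->failures[strtolower($username)] ?? 0) >= $this->maxAttempts;
    }

    // Call after each login attempt: a success resets the count, a failure increments it.
    public function record(string $username, bool $success): void
    {
        $key = strtolower($username);
        $this->failures[$key] = $success ? 0 : ($this->failures[$key] ?? 0) + 1;
    }
}

// Constructed sample input: the password contains the username, so one rule fails.
print_r(passwordPolicyErrors('alice', 'Alice2024!'));
```

Call `isLocked()` before verifying the password so that a locked account is refused even when the guess is correct. A per-username counter also lets anyone lock out a known account, so a time-limited lock or an administrator reset is usually paired with it.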