Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-2740

Rules Governing Passwords - Password Policy

XMLWordPrintable

    • 88
    • 48
    • Hide
      Atlassian Update – 15 November 2018

      Hi,
      Thank you for providing input and feedback on this suggestion. The Jira Server team have recently reviewed this suggestion and how it would fit alongside our strategy and other customer priorities. I am afraid we are not planning to invest in more robust rules for password management in Jira.

      However, we wanted to let you know that Password Policies for Internal Directories are available in Crowd.

      For those of you who aren’t familiar with Crowd, it offers one place to manage your users, groups and directories and easily integrate your identity infrastructure across all self-hosted Atlassian products.

      Crowd allows admins to setup Password Regex - a regular expression pattern that a new password will be validated against.Admins are also able to setup custom messages that help  explain password complexity requirements to users. It is also possible to set-up:

      • maximum number of invalid passwords attempts before the authenticating account will be disabled
      • number of days until the password must be changed
      • number of previous passwords to check when disallowing repeated passwords on password change

      If the Password Policy in your organization requires any additional rules governing passwords beyond what is currently offered by Crowd, please create a relevant ticket in https://jira.atlassian.com/projects/CWD/.

      Best regards,
      Gosia Kowalska, Jira Server Product Manager

      Show
      Atlassian Update – 15 November 2018 Hi, Thank you for providing input and feedback on this suggestion. The Jira Server team have recently reviewed this suggestion and how it would fit alongside our strategy and other customer priorities. I am afraid we are not planning to invest in more robust rules for password management in Jira. However, we wanted to let you know that Password Policies for  Internal Directories  are available in Crowd. For those of you who aren’t familiar with  Crowd , it offers one place to manage your users, groups and directories and easily integrate your identity infrastructure across all self-hosted Atlassian products. Crowd allows admins to setup Password Regex - a regular expression pattern that a new password will be validated against.Admins are also able to setup custom messages that help  explain password complexity requirements to users. It is also possible to set-up: maximum number of invalid passwords attempts before the authenticating account will be disabled number of days until the password must be changed number of previous passwords to check when disallowing repeated passwords on password change If the Password Policy in your organization requires any additional rules governing passwords beyond what is currently offered by Crowd, please create a relevant ticket in  https://jira.atlassian.com/projects/CWD/ . Best regards, Gosia Kowalska, Jira Server Product Manager
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.


      Original description
      Many large corporations have specific rules governing passwords. It would be nice if JIRA Enterprise supported the ability to configure these rules. Specifically,

      • minimum & maximum number of days between passwords changes
      • minimum number of characters for a password
      • minimum composition of a password (e.g. at least 2 numbers or 1 special character)
      • number of attempts before locked out
      • lock out time period
      • password never expires

        1. changepassword_4.1.2.jsp
          4 kB
        2. changepassword.jsp
          2 kB
        3. changepassword-4.3.jsp
          4 kB
        4. renamed-4.3.jsp
          4 kB
        5. resetpassword_4.1.2.jsp
          3 kB
        6. resetpassword_5.1.4.jsp
          5 kB
        7. resetpassword-4.3.jsp
          4 kB
        8. strongpasswords-5.0.5.diff
          5 kB

            Unassigned Unassigned
            4f090ccf5319 Matthew E. Porter
            Votes:
            355 Vote for this issue
            Watchers:
            208 Start watching this issue

              Created:
              Updated: