Password Security
by LasLabs https://github.com/OCA/server-auth , Onestein https://github.com/OCA/server-auth , Kaushal Prajapati https://github.com/OCA/server-auth , Tecnativa https://github.com/OCA/server-auth , initOS GmbH https://github.com/OCA/server-auth , Omar Nasr https://github.com/OCA/server-auth , Odoo Community Association (OCA) https://github.com/OCA/server-authAvailability |
Odoo Online
Odoo.sh
On Premise
|
Odoo Apps Dependencies |
Discuss (mail)
|
Lines of code | 310 |
Technical Name |
password_security |
License | LGPL-3 |
Website | https://laslabs.com |
Versions | 9.0 10.0 11.0 12.0 14.0 16.0 13.0 15.0 |
Password Security
This module allows admin to set company-level password security requirements and enforces them on the user.
It contains features such as
- Password expiration days
- Password length requirement
- Password minimum number of lowercase letters
- Password minimum number of uppercase letters
- Password minimum number of numbers
- Password minimum number of special characters
Configuration
# Navigate to company you would like to set requirements on # Click the Password Policy page # Set the policies to your liking.
Password complexity requirements will be enforced upon next password change for any user in that company.
Settings & Defaults
These are defined at the company level:
Name | Default | Description |
---|---|---|
password_expiration | 60 | Days until passwords expire |
password_length | 12 | Minimum number of characters in password |
password_lower | 0 | Minimum number of lowercase letter in password |
password_upper | 0 | Minimum number of uppercase letters in password |
password_numeric | 0 | Minimum number of number in password |
password_special | 0 | Minimum number of unique special character in password |
password_history | 30 | Disallow reuse of this many previous passwords |
password_minimum | 24 | Amount of hours that must pass until another reset |
Usage
Configure using above instructions for each company that should have password security mandates.
Known Issues / Roadmap
Bug Tracker
Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing detailed and welcomed feedback.
Credits
Images
- Odoo Community Association: Icon.
Contributors
- James Foster <jfoster@laslabs.com>
- Dave Lasley <dave@laslabs.com>
- Kaushal Prajapati <kbprajapati@live.com>
Maintainer
This module is maintained by the OCA.
OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.
To contribute to this module, please visit https://odoo-community.org.
Please log in to comment on this module
Report comment
Any abuse of this reporting system will be penalizedThere are no ratings yet!
However, on informal option I adopted when I got stuck with the Admin Password expiration issue was to backdate my system date (to a date earlier than the expiration date) and I was able to login again
Issues after password expires
I installed the module on Version 10 and it worked fine. However, I noticed that after password expires, based on the expiration period specified, no user (including the Administrator) would be able to login again and no one (including the Administrator) is redirected to the password reset page. If the Admin can be excluded from the password constrain and the users are redirected to the password reset page, then all will be fine. Otherwise, everyone, including the Admin might no longer have access after password expiration. Is there a way to resolve this?