Vendic Admin Password Policy
vendic/magento2-admin-password-policy
Enforces stronger admin password rules (forbidden words, upper/lowercase and special-character requirements) and automatically deactivates admin users who have not logged in for 90 days.
Build Tests
Code Quality
Tested on Magento 2.4.9
Recent Test History
Each release is tested against the latest Magento version at that time.
Top Contributors
View Leaderboard
Looking for Contributors
Composer installation fails. Your contribution could help the entire Magento community!
Share This Module's Status
README
Loaded from GitHubVendic_AdminPasswordPolicy
This module adds additional rules for admin passwords. It ensures that the following criteria are met for admin passwords:
- Password does not contain first name, last name, username or email of the user.
- Password does not contain 'guest', 'admin', or 'password'.
- Password has at least one lowercase letter.
- Password has at least one uppercase letter.
- Password has at least one special character.
Additional rules can be added through di.xml to the rules constructor parameter of the following class: Vendic\AdminPasswordPolicy\Plugin\ValidatePassword
Additional forbidden words can be added through di.xml to the forbiddenWords constructor parameter of the following class: Vendic\AdminPasswordPolicy\Rules\DoesNotContain
Users who have not logged in the past 90 days will automatically be set on inactive by a cron job that runs every midnight. It is possible to exclude users from being marked as inactive via configuration.
Installation
composer require vendic/magento2-admin-password-policy
Configuration
None at this moment. Feel free to create a pull request if you need specific settings. Check the issues for tickets that need help.
Compatibility
- Magento 2 or Mage-OS ^2.4.4
License
Authors
This content is fetched directly from the module's GitHub repository. We are not the authors of this content and take no responsibility for its accuracy, completeness, or any consequences arising from its use.