Content
Release Notes - Security
Random passwords
In OpenProject 3.0 it is possible to assign random passwords to users (either when creating or updating users).
The randomly created passwords provide a better password protection.
Random passwords can be assigned in the user configuration in the system settings.
Stronger passwords through required characters
In order to improve password security, it is possible to define a minimum password length, as well define which character classes are required.
When passwords do not meet these standards, an error message is displayed, notifying the user of the insufficiency.
Limited password validity
Additional security is provided by the option to configure a time frame after which a password change is enforced.
After the specified time frame, users who try to log in are required to change their password.
Limited re-usability of passwords
The re-usability of passwords can be configured so that the same password cannot be used multiple times.
Users are notified that they cannot use the same password again when trying to change their password.