Requiring STRONG password for users with ADMIN privileges

Is there a way for Discourse to require users with ADMIN privileges to use STRONG passwords? This is, of course, to prevent someone from hacking and messing with the core setup of our sites.

Mark
Ben’s Friends Rare Disease

There is the min admin password length setting (default 15) which forces admins to choose longer passwords than regular users. All users have to use at least the configured number of password unique characters (default 6) and the 10 000 most popular passwords are blocked by default [1].
For additional security you can enforce second factor for staff or all users to force them to use two-factor authentication.


[1] block common passwords

9 Likes
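The three password rules from the reply above, combined into one check. This is an added example, not part of the original thread and not Discourse's own code. The regular-user minimum length, the tiny common-password list and the case-insensitive comparison are assumptions made for illustration.

```ruby
require "set"

# Values named in the reply above, except where marked as assumed.
POLICY = {
  min_admin_length: 15,  # "min admin password length" default from the thread
  min_user_length: 10,   # assumed regular-user minimum (not stated in the thread)
  unique_characters: 6   # "password unique characters" default from the thread
}.freeze

# Constructed stand-in for the 10 000-entry common password list.
COMMON_PASSWORDS = Set.new(%w[password 123456 qwertyuiop letmein123456789]).freeze

# Returns the list of violated rules; an empty array means the password passes.
# Every rule is evaluated, so the caller sees all problems at once.
def password_violations(password, admin:, policy: POLICY, common: COMMON_PASSWORDS)
  violations = []
  min_length = admin ? policy[:min_admin_length] : policy[:min_user_length]
  violations << :too_short if password.length < min_length
  if password.chars.uniq.size < policy[:unique_characters]
    violations << :too_few_unique_characters
  end
  # Case-insensitive match is a choice made for this sketch.
  violations << :common_password if common.include?(password.downcase)
  violations
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: [password, is_admin]
  [
    ["aaaaaaaaaaaaaaaa", true],         # long enough, but a single repeated character
    ["letmein123456789", true],         # long and varied, but on the common list
    ["Tr1cky-pass", true],              # fine for a regular user, too short for an admin
    ["Tr1cky-pass", false],
    ["violet-harbor-stapler-91", true]  # passes all three rules
  ].each do |password, admin|
    result = password_violations(password, admin: admin)
    role = admin ? "admin" : "user"
    puts format("%-26s %-5s %s", password, role, result.empty? ? "ok" : result.join(", "))
  end
end
```

The samples show why the rules are layered: a password can clear the 15-character admin minimum and still fail on unique characters or on the common-password list.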

I would encourage/educate them to use Passkeys instead. They are safer and easier to use than passwords.

8 Likes

In addition to the above excellent suggestions, I would also recommend using complex passwords and storing them in a password vault to manage passwords and passkeys.

2 Likes

You can also force two factor for admins

3 Likes