Is there a way for Discourse to require users with ADMIN privileges to use STRONG passwords? This is, of course, to prevent someone from hacking and messing with the core setup of our sites.
Mark
Ben’s Friends Rare Disease
There is the min admin password length setting (default 15) which forces admins to choose longer passwords than regular users. All users have to use at least the configured number of password unique characters (default 6) and the 10 000 most popular passwords are blocked by default [1].
For additional security you can enforce second factor for staff or all users to force them to use two-factor authentication.
[1] block common passwords
I would encourage/educate them to use Passkeys instead. They are safer and easier to use than passwords.
In addition to the above excellent suggestions, I would also recommend using complex passwords and storing them in a password vault to manage passwords and passkeys.
You can also force two factor for admins