Comments (4)
I'm planning to work on this issue here: https://github.com/daar/filament-breezy
from filament-breezy.
So, you might think that forcing people to change their password every so often is a great way to keep things secure. But actually, the National Institute of Standards and Technology (NIST) says that’s not the case anymore. Password expiration policies don’t really do much to make passwords stronger, and can even make them weaker if people are constantly coming up with new ones that are easy to guess.
So, instead of relying on password expiration, it’s better to encourage people to choose strong and unique passwords, use 2FA, and keep an eye out for any weird activity on their accounts. That way, you can keep things safe without making everyone change their password every other week.
Section: 5.1.1.2 Memorized Secret Verifiers:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
from filament-breezy.
Absolutely, you're right! Strong passwords and 2FA are widely acknowledged as effective means of safeguarding data. However, there may be scenarios where implementing 2FA is impractical, particularly when collaborating with individuals who have limited experience with computers. In such situations, incorporating password expiration can provide an alternative layer of security by ensuring that passwords are regularly updated, thereby reducing the risk of compromised accounts.
Laravel provides various validation methods for passwords that assess the strength of passwords and check whether a provided password is uncompromised. By combining these strong passwords with additional security measures such as password expiration or 2FA, we have all the tools in place to keep data secured.
from filament-breezy.
This will be worked on in v2, to some degree, and will be released sometime after Filament v3 stable is released in August.
I won't implement this in v1, as I consider v1 to be feature complete.
Check for updates to the repo!
from filament-breezy.