Changing Password Validation Rules
In Movable Type 5.13, a system administrator can set password validation policies to let users to use stronger passwords.
- Select [System] under Navigation.
- Select [Settings] > [User] in the Side Menu.
- Change "Password Validation" settings and click [Save Changes] button.
You can apply the following four validation rules.
- Password should contain uppercase and lowercase letters.
- Password should contain letters and numbers.
- Password should contain special characters.
- Minimum length of the password (the default value is 8).
Additionally to these rules, a password cannot contain the sign-in name. For example, if your sign-in name is "melody", you cannot use passwords like "melody2012". Once these validation rules are set, they are applied when:
- creating a new user
- changing the password
but they are NOT applied when:
- setting API password
- creating a user in a bulk with CSV (MT Advanced feature)
The following template tags were introduced to use the password validation rules in the Community forum/blog.
The following new configuration directives were added for the password validation. If these directives are specified in mt-config.cgi, they will override the settings in the system menu.
Movable Type 5.13 introduced a stronger password encryption algorithm. The older versions of Movable Type only recognized the first eight characters of the password. With the new encryption algorithm, MT5.13 recognizes the password in its full length.
When you upgrade your installation from the older versions to 5.13, Movable Type users still can sign-in to the installation with the old passwords, but it is recommended to update their passwords to utilize this change.
Due to this change, the database column length of author_password was changed from 60 to 124.