View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
14636Feature requestsSecuritypublic2023-02-03 17:26
ReporterDenisChenu Assigned Toc_schmitz  
Status resolvedResolutionfixed 
Summary14636: Admin password restriction

It can be great to have an admin password restriction (or a plugin event for this (if it's already here : OK, i do the core plugin))

Additional Information

Default take from config.php
Restricted super admin have a screen to update

Taken from nextcloud :

  • Minimum size
  • Prohibit current passwords
  • Imposing uppercase and lowercase characters
  • Imposing numbers
  • Imposing special characters
  • Check the password against the list of violated passwords on haveibeenpwnd. com (maybe not this one).

config-default.php can be min size to 8 for starting

TagsNo tags attached.
Attached Files
Bug heat264
Story point estimate
Users affected %


has duplicate 14736 closedDenisChenu Bug reports Missing password policy 

Users monitoring this issue

There are no users monitoring this issue.




2019-04-04 07:58

developer   ~51334

OK in 4.0 ? Or did you already have a plugin for this ?



2019-04-05 08:54

updater   ~51359

DenisChenu, are you thinking of e.g. a new global setting at which superadmins can define the minimum password requirements by using the list you added above? That would be pretty useful.
I guess there are proper regex for checking the password requirements outlined above?



2019-04-05 08:57

developer   ~51362

Last edited: 2019-04-05 08:58

Yes, in admin GUI.
Maybe on a core plugin activated by default ;)

I can do it for 4.0, i just wait …



2019-04-12 22:06

reporter   ~51462

I have code to enforce minimum password strength for Version 3.17.0+190402 see:
I will share the code update the above issue report by Monday next week.



2019-04-13 05:11

reporter   ~51463

I have made modifications to the LS 3.x core to enforce password strength when an admin is editing a user account, or when a user edits their own password settings.

My solution doesn't use the gettranslation feature as I only required my solution to be in English. If this ends up in core, of course, texts should be translated.

The changes were made against build Version 3.17.0+190402, and involved the files:


Password criteria can be specified via the config.php, using this format (min and mix refer to required length of the password, upper refers to uppercase, numeric is obvious, as is symbol.

// Update default LimeSurvey config here

    'params' => array(
    'passwordValidator' => array(
    'min' => 10,
    'max' => 22,
    'upper' => 3,
    'numeric' => 1,
    'symbol' => 2,

/ End of file config.php / (20,280 bytes)


2019-04-15 18:02

administrator   ~51472

Can you make a PR on github, please?



2019-04-15 20:05

reporter   ~51473

PR created:



2020-08-24 13:09

updater   ~59588

@DenisChenu, @cdorin, the feature for defining the PW strength was added to LS4, see and but documentation is missing.

Please make sure that this gets documented at the Limesurvey manual. Otherwise most users will not be aware that this actually exists. A feature not documented is a feature not used.
If needed I can take care of the German translation afterwards. Just post the link here.



2020-08-26 15:38

developer   ~59638

I'm not the dev … then i don't update manual …



2020-08-26 15:50

updater   ~59639

So who actually implemented this?



2023-02-03 17:26

administrator   ~73658

This is implemented, I believe.

Issue History

Date Modified Username Field Change
2019-03-12 15:22 DenisChenu New Issue
2019-04-04 07:57 DenisChenu Relationship added has duplicate 14736
2019-04-04 07:58 DenisChenu Assigned To => c_schmitz
2019-04-04 07:58 DenisChenu Status new => feedback
2019-04-04 07:58 DenisChenu Note Added: 51334
2019-04-05 08:54 Mazi Note Added: 51359
2019-04-05 08:57 DenisChenu Note Added: 51362
2019-04-05 08:57 DenisChenu Status feedback => assigned
2019-04-05 08:58 DenisChenu Note Edited: 51362
2019-04-12 22:06 blocka Note Added: 51462
2019-04-13 05:11 blocka File Added:
2019-04-13 05:11 blocka Note Added: 51463
2019-04-15 18:02 ollehar Note Added: 51472
2019-04-15 20:05 blocka Note Added: 51473
2020-08-24 13:09 Mazi Note Added: 59588
2020-08-26 15:38 DenisChenu Note Added: 59638
2020-08-26 15:50 Mazi Note Added: 59639
2023-02-03 17:26 ollehar Status assigned => resolved
2023-02-03 17:26 ollehar Resolution open => fixed
2023-02-03 17:26 ollehar Note Added: 73658