Changing password strength requirements

Hi all,

Currently, OpenMRS (verified on 1.11 or below) does not allow creating a user without a password containing an Upper-Lower-Number combination.

We piloted OpenMRS used by field workers (via mobile) and found out that using these passwords is almost impossible for these guys. Moreover, for our next implementation in another country where our users are again field workers, during training we found that this issue is coming up again as top priority.

Although usage of a system having sensitive patient data via weak passwords is not a good idea at all, field assessments show that there is no way around it.

I wanted to get the community's opinion and suggestions on this. First, is it possible to use OpenMRS anyway with simple passwords without hacks or workarounds? Second, what would be the best possible way to get around this quickly? Right now we are thinking of automatically converting the first letter to a capital and appending a number at the end when a field worker tries authenticating using the mobile app.

Thanks in advance for the guidance!

@maimoonak, the password strength requirement is configurable per-implementation.

See here: http://listarchives.openmrs.org/Change-the-requirements-for-user-passwords-td7181988.html

(I couldn’t find a wiki page documenting this, but it would be great if you could add it!)


Thanks a lot @darius. This helps! I have added a wiki page in the OpenMRS implementer space for this: https://wiki.openmrs.org/display/docs/Configuring+User+Password+Strength


Hello there!

Just stumbled upon this interesting article about password security

Thought I’d share :)
