Security and password


I want to build a website that could have a lot of “non techy” users. My concern is that these users will choose a very weak password and will forget it sometime.

How to manage this two problems?

1- How to avoid weak users password

I would like to force my user to choose a long password (for instance 15 characters min).

I can control that if I build a front end user registration form but how to control this in the user panel page?
Is there a hook or another way to do that?

2- Reset password

As Kirby has no reset password system, I would like to add a message on the login panel page to ask the user to contact the admin in case they have forgotten their password.

Is there a hook on the login page to display a message?

Thx for your advices

As regards your second question, you could add a line via css, as suggested in this post.

As regards the length of the password, you could overwrite the password panel field and add a validator:

public function validate() {
    return v::minLength($this->result(), 15);

You should probably tell the user that 15 characters are required, then, since the validator does not give any clues.

Thanks @texnixe for your tips.

I would prefer using a hook to add dynamic data to my message (for instance get and display the admin email) but anyway css is better than nothing :wink:

Maybe an obvious question but how may I overwrite the password panel field? :-/
I copy/past the password panel field code in my fields folder with the same name and I change the code?

PS: Is there a page documentation which list the hook in Kirby?

Exactly, all you have to do is copy/paste the field and add the validate() method.

All available hooks are listed on this page, but there are no hooks to hook into displaying a message on the login page.