We are looking for a Secure Password extension to be built for MediaWiki to be integrated into a new internal installation.
The purpose of the extension will be to enforce the following password policy with the following criteria:
- Passwords must be encrypted using a sha256 hash function,
- Password length must be eight characters or greater
- Passwords must consist of a mixture of lowercase, uppercase and digits
- Passwords must not be the same as username
- Passwords must be changed every 30 days
- Last 12 passwords must be retained to prevent re-use on password change
- Initial and reset passwords must enforce a change upon use
- Un-succesful logon attempts must be limited to no more than 5 consecutive attempts. Exceeding 5 consecutive attempts should result in an account being suspended.
We will need to have this extension complete by Friday 11th of Jan with clear instructions for installation on a vanilla install of mediawiki.
Please confirm expected delivery times of a beta version, and estimated costs for delivering on a per hour basis - we would expect the time estimate to be within 15% of the total final cost.
Thanks in advance for your responses.