The security application currently has 2 features. Brute force protection and strong password enforcement.
It blocks an IP after certain failed login attempts
The admin can configure:
- minimum length of the password
- enforce upper and lower case characters
- enforce numeric characters
- enforce special characters (non-alphanumeric)
It allows you to validate passwords in your own apps by using “OCP\User::validatePassword” event:
\OC::$server->getEventDispatcher()->dispatch(
'OCP\User::validatePassword',
new GenericEvent(null, ['password' => $password])
);