Community Forums
Connect with us on LinkedIn
Community Notice
+ Reply to Thread
Results 1 to 10 of 10
  1. #1
    Member
    Join Date
    Sep 2001
    Posts
    31

    Default Password Strength

    I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?

  2. #2
    Technical Product Specialist cPanelDavidG's Avatar
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    10,718
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    Quote Originally Posted by cwihost View Post
    I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?
    Not at this time, but perhaps you may want to put in a feature request for this at http://bugzilla.cpanel.net and paste a link here pointing to your feature request so others can vote on it and add themselves as CC.

  3. #3
    Technical Product Specialist cPanelDavidG's Avatar
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    10,718
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    Quote Originally Posted by pilartorres View Post
    Hi,
    Is it possible to setup a forgotten password link in the cpanel customer login?
    Yes, in WHM -> Server Configuration -> Tweak Settings scroll down to the System section and check Allow cPanel users to reset their password via email. Don't forget to click save at the bottom of the page.

  4. #4
    Member
    Join Date
    Jan 2005
    Posts
    1,880

    Default

    Quote Originally Posted by cwihost View Post
    I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?
    For security reasons, I doubt this would be possible.

    User passwords would have to be stored in plain text for them to be read and checked for strength. User passwords won't be stored in plain text, hence they cannot be read and checked for strength.
    Jon Cram <jon@webignition.net>
    Web and interface design http://webignition.net/
    Hosting Reborn (free cpanel accounts) http://hostingreborn.com/

  5. #5
    cPanel Development cpanelkenneth's Avatar
    Join Date
    Apr 2006
    Posts
    3,768
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    There are third party utilities that can actually do this for you.

  6. #6
    Member
    Join Date
    Aug 2002
    Posts
    1,118

    Default

    You wouldn't necessarily have to store the passwords in plain text. Just do a password strength check when the user logs into cPanel or Webmail.

    I would like to see an option like this for Webmail because we have been running into a lot of problems with users using mail accounts with insecure passwords, and spammers guessing those passwords to get into webmail and use webmail on the account to send out mail.

    A feature where the user logs into webmail, enters their username and password in the popup dialog box, the password strength checker checks the password. If it is below what the server administrator deems as a secure password, then the webmail user is not able to proceed any further.

    I might recommend just providing a link for changing the password, but then that becomes counter-intuitive. A spammer logs into a webmail account, sees the message about the password being too insecure, so he just changes the password to something more secure and something that he will know. Then logs in again.

    However, maybe you don't put the Change Password link in webmail. Maybe you force the webmail user to either contact the person who has control panel access and change the password there or force the user to change the password via the control panel.

    You can do the same thing with control panel access, force the user to contact their hosting provider if their control panel password is insecure.

    I should probably make an enhancement request for this, but I wasn't really sure how many people would find this feature useful.

  7. #7
    Technical Product Specialist cPanelDavidG's Avatar
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    10,718
    cPanel/Enkompass Access Level

    Root Administrator

    Default

    Quote Originally Posted by sparek-3 View Post
    I should probably make an enhancement request for this, but I wasn't really sure how many people would find this feature useful.
    It never hurts to create one on http://bugzilla.cpanel.net and post a link to your request here. I've seen requests, that I thought people would be uninterested with, acquire many votes and CC's.

  8. #8
    Member
    Join Date
    Aug 2002
    Posts
    1,118

    Default

    I made an enhancement request. I'm not sure how many people will really be interested in something like this, but I think it might be an interesting feature and like you said, it never hurts.

    http://bugzilla.cpanel.net/show_bug.cgi?id=6022

    If you think this might be an interesting feature, please vote for the above enhancement request.

  9. #9
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,165
    cPanel/Enkompass Access Level

    Root Administrator

    Lightbulb

    I'm in. Anything we can do to force them into a stronger password I'd like to have.

  10. #10
    Member
    Join Date
    Jan 2007
    Posts
    113

    Default

    Voted. This feature would be a great addition to cPanel/WHM. Hard to believe there's only 2 votes for this. I would think a lot more people in the cPanel community would like to see something which improves the security of their servers. It only takes a few moments to create a bugzilla account, visit the URL, and click the vote link.

    For those that already have a bugzilla account and are cookied, here is the direct link to vote:
    http://bugzilla.cpanel.net/votes.cgi...6022#vote_6022

Similar Threads & Tags
Similar threads

  1. cPanel Password Strength Meter
    By lvt in forum cPanel Developers
    Replies: 4
    Last Post: 11-28-2011, 11:03 AM
  2. Access to password strength algorithm
    By mjqtreble in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 06-23-2010, 10:28 AM
  3. password strength for email
    By nitaish in forum cPanel and WHM Discussions
    Replies: 4
    Last Post: 12-28-2009, 10:02 AM
  4. Password Strength BUG
    By jandafields in forum cPanel and WHM Discussions
    Replies: 7
    Last Post: 11-21-2009, 11:02 PM
  5. Password Strength
    By gmm6797 in forum cPanel and WHM Discussions
    Replies: 5
    Last Post: 08-20-2009, 11:35 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube