#1 (permalink)  
Old 10-17-2007, 03:05 AM
Registered User
 
Join Date: Sep 2001
Posts: 30
cwihost
Password Strength

I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 10-17-2007, 10:38 AM
cPanelDavidG's Avatar
cPanel Technical Sales
 
Join Date: Nov 2006
Location: Houston, TX
Posts: 7,995
cPanelDavidG is on a distinguished road
Quote:
Originally Posted by cwihost View Post
I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?
Not at this time, but perhaps you may want to put in a feature request for this at http://bugzilla.cpanel.net and paste a link here pointing to your feature request so others can vote on it and add themselves as CC.
__________________
Want our technical analysts to login to your server to assist you? You can contact our technical analysts at: http://tickets.cPanel.net/submit
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 10-18-2007, 10:40 AM
cPanelDavidG's Avatar
cPanel Technical Sales
 
Join Date: Nov 2006
Location: Houston, TX
Posts: 7,995
cPanelDavidG is on a distinguished road
Quote:
Originally Posted by pilartorres View Post
Hi,
Is it possible to setup a forgotten password link in the cpanel customer login?
Yes, in WHM -> Server Configuration -> Tweak Settings scroll down to the System section and check Allow cPanel users to reset their password via email. Don't forget to click save at the bottom of the page.
__________________
Want our technical analysts to login to your server to assist you? You can contact our technical analysts at: http://tickets.cPanel.net/submit
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 10-19-2007, 10:19 AM
Registered User
 
Join Date: Jan 2005
Posts: 1,874
webignition is on a distinguished road
Quote:
Originally Posted by cwihost View Post
I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?
For security reasons, I doubt this would be possible.

User passwords would have to be stored in plain text for them to be read and checked for strength. User passwords won't be stored in plain text, hence they cannot be read and checked for strength.
__________________
Jon Cram <jon@webignition.net>
Web and interface design http://webignition.net/
Hosting Reborn (free cpanel accounts) http://hostingreborn.com/
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 10-19-2007, 10:34 AM
cpanelkenneth's Avatar
cPanel Quality Assurance
 
Join Date: Apr 2006
Posts: 3,222
cpanelkenneth is on a distinguished road
There are third party utilities that can actually do this for you.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 10-19-2007, 10:37 AM
Registered User
 
Join Date: Aug 2002
Posts: 1,068
sparek-3 is on a distinguished road
You wouldn't necessarily have to store the passwords in plain text. Just do a password strength check when the user logs into cPanel or Webmail.

I would like to see an option like this for Webmail because we have been running into a lot of problems with users using mail accounts with insecure passwords, and spammers guessing those passwords to get into webmail and use webmail on the account to send out mail.

A feature where the user logs into webmail, enters their username and password in the popup dialog box, the password strength checker checks the password. If it is below what the server administrator deems as a secure password, then the webmail user is not able to proceed any further.

I might recommend just providing a link for changing the password, but then that becomes counter-intuitive. A spammer logs into a webmail account, sees the message about the password being too insecure, so he just changes the password to something more secure and something that he will know. Then logs in again.

However, maybe you don't put the Change Password link in webmail. Maybe you force the webmail user to either contact the person who has control panel access and change the password there or force the user to change the password via the control panel.

You can do the same thing with control panel access, force the user to contact their hosting provider if their control panel password is insecure.

I should probably make an enhancement request for this, but I wasn't really sure how many people would find this feature useful.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 10-19-2007, 11:05 AM
cPanelDavidG's Avatar
cPanel Technical Sales
 
Join Date: Nov 2006
Location: Houston, TX
Posts: 7,995
cPanelDavidG is on a distinguished road
Quote:
Originally Posted by sparek-3 View Post
I should probably make an enhancement request for this, but I wasn't really sure how many people would find this feature useful.
It never hurts to create one on http://bugzilla.cpanel.net and post a link to your request here. I've seen requests, that I thought people would be uninterested with, acquire many votes and CC's.
__________________
Want our technical analysts to login to your server to assist you? You can contact our technical analysts at: http://tickets.cPanel.net/submit
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 10-20-2007, 12:38 PM
Registered User
 
Join Date: Aug 2002
Posts: 1,068
sparek-3 is on a distinguished road
I made an enhancement request. I'm not sure how many people will really be interested in something like this, but I think it might be an interesting feature and like you said, it never hurts.

http://bugzilla.cpanel.net/show_bug.cgi?id=6022

If you think this might be an interesting feature, please vote for the above enhancement request.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 10-20-2007, 12:57 PM
Infopro's Avatar
Forum Moderator
 
Join Date: May 2003
Location: Pennsylvania
Posts: 3,498
Infopro is on a distinguished road
Lightbulb

I'm in. Anything we can do to force them into a stronger password I'd like to have.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 10-27-2007, 04:30 PM
Registered User
 
Join Date: Jan 2007
Posts: 110
jpetersen is on a distinguished road
Voted. This feature would be a great addition to cPanel/WHM. Hard to believe there's only 2 votes for this. I would think a lot more people in the cPanel community would like to see something which improves the security of their servers. It only takes a few moments to create a bugzilla account, visit the URL, and click the vote link.

For those that already have a bugzilla account and are cookied, here is the direct link to vote:
http://bugzilla.cpanel.net/votes.cgi...6022#vote_6022
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 03:17 PM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© cPanel Inc