The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changing password strength requirements

Discussion in 'General Discussion' started by Mike N, Apr 11, 2011.

  1. Mike N

    Mike N Member

    Joined:
    Sep 15, 2010
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    First the goods: cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9 running on FreeBSD 6.2 ;)

    We'd like to raise our minimum password strength from it's current level to 80. How will this affect our current users whose password strength is below that threshold?

    I did a search for this, based on "password strength," and found many discussions, but nothing pointing to this particular question.

    Thanks in advance!
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The change should not impact users who have already set passwords below the minimum threshold unless you also have WHM > Configure Security Policies configured for "Password Age" where they will be required to reset the password when it expires for the aging portion.

    Otherwise, you'd simply have users required to use the correct strength password when creating a new password or changing the existing one. Old passwords should still work until the user chooses to change the password in the future and will be bound by the new password strength level.

    Please note that I tested this by increasing the WHM > Password Strength Configuration area to 80 for all options listed there, and I then logged into an account that had a weak password already set. That cPanel user login was still working and I did not have to change the password.

    Even though you appear to be using an older cPanel version, the functionality should still work the same on that version. I would highly suggest updating to the newest 11.28 that is available, which is the following for RELEASE tier:

    11.28.87-RELEASE_51188

    You would be able to see the existing versions at this location:

    http://httpupdate.cpanel.net/

    Simply running "/scripts/upcp --force" on the machine should allow an update to 11.28 for it.
     
  3. Mike N

    Mike N Member

    Joined:
    Sep 15, 2010
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks, Tristan! I appreciate the information about the password strength requirements.

    Yes, we plan on updating to 11.28 within a month or so. We're going to be updating to FreeBSD 8.1 on the server, to ensure long-time support and that we don't get prematurely EOL'd by your new policy ;) Just hope that y'all continue to support FreeBSD as an OS!

    Thanks again! :cool:
     
  4. MattLee

    MattLee BANNED

    Joined:
    Aug 26, 2009
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    0
  5. florenceit

    florenceit Member

    Joined:
    Jan 11, 2010
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Is it documented anywhere what the details of the password strength requirements will be for varying slider settings? (ie: how many uppercase/numbers/symbols/etc...) ? I want to turn this on but don't know how far to put the slider. I need to improve the assword requirements but don;t want to go to 100 i dont think (or i dont know as i cant even guess what they are)..


    any help on determining this? thanks!
     
  6. Gochu75

    Gochu75 Registered

    Joined:
    May 14, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I do have a problem with reducing the password strength of the email accounts using cpanel. Any help on how to solve this problem cos av been searching everywhere to get a solution and cant seem to find any link to getting a solution ??? Its becoming a nuisance to my colleagues having to get a password with strength of above 70%. they are not I.T saavy at all. I cant seem to find any slider too, cos everyone seems to be talking about a slider. Thanks.
     
    #6 Gochu75, May 14, 2012
    Last edited: May 14, 2012
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Those talking about a slider have access to WHM to configure the setting. Have you spoken to your hosting provider about the issue?
     
  8. AthensMatt

    AthensMatt Member

    Joined:
    Mar 24, 2015
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    I realize this thread is 5 years old, but I haven't found the answer to this question. We don't have a provider to ask. What does the scale represent at each increment with regards to when a upper or lower case letter is required, when numbers are required, when special characters are required, how many of each of the previous, password length, etc...

    Thank you!
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The increments don't map to specific requirements such as "special characters are required." The password strength checker inspects the inputed password and assigns it a score. The strength requirement sets the minimum score required.
     
  10. AthensMatt

    AthensMatt Member

    Joined:
    Mar 24, 2015
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    Great thank you Kenneth! I did some random testing of and found what our minimum equaled to on the scale. All is good now.
     
Loading...

Share This Page