Changing password strength requirements

[Mike N]

First the goods: cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9 running on FreeBSD 6.2

We'd like to raise our minimum password strength from it's current level to 80. How will this affect our current users whose password strength is below that threshold?

I did a search for this, based on "password strength," and found many discussions, but nothing pointing to this particular question.

Thanks in advance!

 

[cPanelTristan]

The change should not impact users who have already set passwords below the minimum threshold unless you also have WHM > Configure Security Policies configured for "Password Age" where they will be required to reset the password when it expires for the aging portion.

Otherwise, you'd simply have users required to use the correct strength password when creating a new password or changing the existing one. Old passwords should still work until the user chooses to change the password in the future and will be bound by the new password strength level.

Please note that I tested this by increasing the WHM > Password Strength Configuration area to 80 for all options listed there, and I then logged into an account that had a weak password already set. That cPanel user login was still working and I did not have to change the password.

Even though you appear to be using an older cPanel version, the functionality should still work the same on that version. I would highly suggest updating to the newest 11.28 that is available, which is the following for RELEASE tier:

11.28.87-RELEASE_51188

You would be able to see the existing versions at this location:

http://httpupdate.cpanel.net/

Simply running "/scripts/upcp --force" on the machine should allow an update to 11.28 for it.

 

[Mike N]

Thanks, Tristan! I appreciate the information about the password strength requirements.

Yes, we plan on updating to 11.28 within a month or so. We're going to be updating to FreeBSD 8.1 on the server, to ensure long-time support and that we don't get prematurely EOL'd by your new policy Just hope that y'all continue to support FreeBSD as an OS!

Thanks again!

 

[MattLee]

Just checking in to make sure that you were able to find our new tables involving EOL for various operating system versions and our applicable EOL policy.

System Requirements - cPanel Inc.
Operating System End of Life Policy for cPanel & WHM

 

[florenceit]

Is it documented anywhere what the details of the password strength requirements will be for varying slider settings? (ie: how many uppercase/numbers/symbols/etc...) ? I want to turn this on but don't know how far to put the slider. I need to improve the assword requirements but don;t want to go to 100 i dont think (or i dont know as i cant even guess what they are)..


any help on determining this? thanks!

 

[Gochu75]

I do have a problem with reducing the password strength of the email accounts using cpanel. Any help on how to solve this problem cos av been searching everywhere to get a solution and cant seem to find any link to getting a solution ??? Its becoming a nuisance to my colleagues having to get a password with strength of above 70%. they are not I.T saavy at all. I cant seem to find any slider too, cos everyone seems to be talking about a slider. Thanks.

 

[cPanelTristan]

Those talking about a slider have access to WHM to configure the setting. Have you spoken to your hosting provider about the issue?

 

[AthensMatt]

Is it documented anywhere what the details of the password strength requirements will be for varying slider settings? (ie: how many uppercase/numbers/symbols/etc...) ? I want to turn this on but don't know how far to put the slider. I need to improve the assword requirements but don;t want to go to 100 i dont think (or i dont know as i cant even guess what they are)..


any help on determining this? thanks!

I realize this thread is 5 years old, but I haven't found the answer to this question. We don't have a provider to ask. What does the scale represent at each increment with regards to when a upper or lower case letter is required, when numbers are required, when special characters are required, how many of each of the previous, password length, etc...

Thank you!

 

[cPanelKenneth]

I realize this thread is 5 years old, but I haven't found the answer to this question. We don't have a provider to ask. What does the scale represent at each increment with regards to when a upper or lower case letter is required, when numbers are required, when special characters are required, how many of each of the previous, password length, etc...

Thank you!

The increments don't map to specific requirements such as "special characters are required." The password strength checker inspects the inputed password and assigns it a score. The strength requirement sets the minimum score required.

 

[AthensMatt]

Great thank you Kenneth! I did some random testing of and found what our minimum equaled to on the scale. All is good now.