Changing password strength requirements

Mike N

Member
Sep 15, 2010
10
0
51
cPanel Access Level
Root Administrator
First the goods: cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9 running on FreeBSD 6.2 ;)

We'd like to raise our minimum password strength from it's current level to 80. How will this affect our current users whose password strength is below that threshold?

I did a search for this, based on "password strength," and found many discussions, but nothing pointing to this particular question.

Thanks in advance!
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,606
33
238
somewhere over the rainbow
cPanel Access Level
Root Administrator
The change should not impact users who have already set passwords below the minimum threshold unless you also have WHM > Configure Security Policies configured for "Password Age" where they will be required to reset the password when it expires for the aging portion.

Otherwise, you'd simply have users required to use the correct strength password when creating a new password or changing the existing one. Old passwords should still work until the user chooses to change the password in the future and will be bound by the new password strength level.

Please note that I tested this by increasing the WHM > Password Strength Configuration area to 80 for all options listed there, and I then logged into an account that had a weak password already set. That cPanel user login was still working and I did not have to change the password.

Even though you appear to be using an older cPanel version, the functionality should still work the same on that version. I would highly suggest updating to the newest 11.28 that is available, which is the following for RELEASE tier:

11.28.87-RELEASE_51188

You would be able to see the existing versions at this location:

http://httpupdate.cpanel.net/

Simply running "/scripts/upcp --force" on the machine should allow an update to 11.28 for it.
 

Mike N

Member
Sep 15, 2010
10
0
51
cPanel Access Level
Root Administrator
Thanks, Tristan! I appreciate the information about the password strength requirements.

Yes, we plan on updating to 11.28 within a month or so. We're going to be updating to FreeBSD 8.1 on the server, to ensure long-time support and that we don't get prematurely EOL'd by your new policy ;) Just hope that y'all continue to support FreeBSD as an OS!

Thanks again! :cool:
 

MattLee

BANNED
Aug 26, 2009
83
0
56

florenceit

Member
Jan 11, 2010
16
0
51
Is it documented anywhere what the details of the password strength requirements will be for varying slider settings? (ie: how many uppercase/numbers/symbols/etc...) ? I want to turn this on but don't know how far to put the slider. I need to improve the assword requirements but don;t want to go to 100 i dont think (or i dont know as i cant even guess what they are)..


any help on determining this? thanks!
 

Gochu75

Registered
May 14, 2012
1
0
51
cPanel Access Level
Website Owner
I do have a problem with reducing the password strength of the email accounts using cpanel. Any help on how to solve this problem cos av been searching everywhere to get a solution and cant seem to find any link to getting a solution ??? Its becoming a nuisance to my colleagues having to get a password with strength of above 70%. they are not I.T saavy at all. I cant seem to find any slider too, cos everyone seems to be talking about a slider. Thanks.
 
Last edited:

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,606
33
238
somewhere over the rainbow
cPanel Access Level
Root Administrator
Those talking about a slider have access to WHM to configure the setting. Have you spoken to your hosting provider about the issue?
 

AthensMatt

Active Member
Mar 24, 2015
29
0
1
Athens
cPanel Access Level
Root Administrator
Is it documented anywhere what the details of the password strength requirements will be for varying slider settings? (ie: how many uppercase/numbers/symbols/etc...) ? I want to turn this on but don't know how far to put the slider. I need to improve the assword requirements but don;t want to go to 100 i dont think (or i dont know as i cant even guess what they are)..


any help on determining this? thanks!
I realize this thread is 5 years old, but I haven't found the answer to this question. We don't have a provider to ask. What does the scale represent at each increment with regards to when a upper or lower case letter is required, when numbers are required, when special characters are required, how many of each of the previous, password length, etc...

Thank you!
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,579
55
308
cPanel Access Level
Root Administrator
I realize this thread is 5 years old, but I haven't found the answer to this question. We don't have a provider to ask. What does the scale represent at each increment with regards to when a upper or lower case letter is required, when numbers are required, when special characters are required, how many of each of the previous, password length, etc...

Thank you!
The increments don't map to specific requirements such as "special characters are required." The password strength checker inspects the inputed password and assigns it a score. The strength requirement sets the minimum score required.