Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changing password strength requirements

Discussion in 'General Discussion' started by Mike N, Apr 11, 2011.

  1. Mike N

    Mike N Member

    Joined:
    Sep 15, 2010
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    First the goods: cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9 running on FreeBSD 6.2 ;)

    We'd like to raise our minimum password strength from it's current level to 80. How will this affect our current users whose password strength is below that threshold?

    I did a search for this, based on "password strength," and found many discussions, but nothing pointing to this particular question.

    Thanks in advance!
     
    #1 Mike N, Apr 11, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,622
    Likes Received:
    26
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The change should not impact users who have already set passwords below the minimum threshold unless you also have WHM > Configure Security Policies configured for "Password Age" where they will be required to reset the password when it expires for the aging portion.

    Otherwise, you'd simply have users required to use the correct strength password when creating a new password or changing the existing one. Old passwords should still work until the user chooses to change the password in the future and will be bound by the new password strength level.

    Please note that I tested this by increasing the WHM > Password Strength Configuration area to 80 for all options listed there, and I then logged into an account that had a weak password already set. That cPanel user login was still working and I did not have to change the password.

    Even though you appear to be using an older cPanel version, the functionality should still work the same on that version. I would highly suggest updating to the newest 11.28 that is available, which is the following for RELEASE tier:

    11.28.87-RELEASE_51188

    You would be able to see the existing versions at this location:

    http://httpupdate.cpanel.net/

    Simply running "/scripts/upcp --force" on the machine should allow an update to 11.28 for it.
     
    #2 cPanelTristan, Apr 11, 2011
  3. Mike N

    Mike N Member

    Joined:
    Sep 15, 2010
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Thanks, Tristan! I appreciate the information about the password strength requirements.

    Yes, we plan on updating to 11.28 within a month or so. We're going to be updating to FreeBSD 8.1 on the server, to ensure long-time support and that we don't get prematurely EOL'd by your new policy ;) Just hope that y'all continue to support FreeBSD as an OS!

    Thanks again! :cool:
     
    #3 Mike N, Apr 12, 2011
  4. MattLee

    MattLee BANNED

    Joined:
    Aug 26, 2009
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    56
    #4 MattLee, Apr 12, 2011
  5. florenceit

    florenceit Member

    Joined:
    Jan 11, 2010
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    51
    Is it documented anywhere what the details of the password strength requirements will be for varying slider settings? (ie: how many uppercase/numbers/symbols/etc...) ? I want to turn this on but don't know how far to put the slider. I need to improve the assword requirements but don;t want to go to 100 i dont think (or i dont know as i cant even guess what they are)..


    any help on determining this? thanks!
     
    #5 florenceit, Mar 2, 2012
  6. Gochu75

    Gochu75 Registered

    Joined:
    May 14, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Website Owner
    I do have a problem with reducing the password strength of the email accounts using cpanel. Any help on how to solve this problem cos av been searching everywhere to get a solution and cant seem to find any link to getting a solution ??? Its becoming a nuisance to my colleagues having to get a password with strength of above 70%. they are not I.T saavy at all. I cant seem to find any slider too, cos everyone seems to be talking about a slider. Thanks.
     
    #6 Gochu75, May 14, 2012
    Last edited: May 14, 2012
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,622
    Likes Received:
    26
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Those talking about a slider have access to WHM to configure the setting. Have you spoken to your hosting provider about the issue?
     
    #7 cPanelTristan, May 16, 2012
  8. AthensMatt

    AthensMatt Active Member

    Joined:
    Mar 24, 2015
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    I realize this thread is 5 years old, but I haven't found the answer to this question. We don't have a provider to ask. What does the scale represent at each increment with regards to when a upper or lower case letter is required, when numbers are required, when special characters are required, how many of each of the previous, password length, etc...

    Thank you!
     
    #8 AthensMatt, Jun 3, 2015
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,515
    Likes Received:
    33
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    The increments don't map to specific requirements such as "special characters are required." The password strength checker inspects the inputed password and assigns it a score. The strength requirement sets the minimum score required.
     
    #9 cPanelKenneth, Jun 3, 2015
  10. AthensMatt

    AthensMatt Active Member

    Joined:
    Mar 24, 2015
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    Great thank you Kenneth! I did some random testing of and found what our minimum equaled to on the scale. All is good now.
     
    #10 AthensMatt, Jun 4, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Changing password strength
  1. Sametto Chan

    Changing Password Length?

    Sametto Chan, Aug 24, 2017, in forum: Security
    Replies:
    8
    Views:
    160
    Sametto Chan
    Aug 28, 2017
  2. Leon van de Griend

    Changing Root Password Problem

    Leon van de Griend, Jul 20, 2017, in forum: Security
    Replies:
    11
    Views:
    328
    gentlemedia
    Aug 4, 2017
  3. Juan Carlos Nava

    Changing Email Password Issue

    Juan Carlos Nava, Jun 1, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    205
    cPanelMichael
    Jun 2, 2017
  4. Asif

    Email Password Changing Option Missing

    Asif, Jun 24, 2016, in forum: E-mail Discussions
    Replies:
    1
    Views:
    516
    cPanelMichael
    Jun 24, 2016
  5. daniel ferr

    Unblocking e-mail account not possible anymore by changing password?

    daniel ferr, Feb 12, 2016, in forum: E-mail Discussions
    Replies:
    2
    Views:
    826
    cPanelMichael
    Feb 15, 2016

Share This Page