The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Forced password change?

Discussion in 'Security' started by 4u123, Nov 15, 2012.

Thread Status:
Not open for further replies.
  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Hi, I've just had a customer saying that she logged into cpanel and was immediately asked to change her password to something stronger.

    This is a new server and I have enabled the "security policy" password strength option but not the password ageing. I was under the impression that the password strength option is used to set the minimum strength for new passwords. I've read the cpanel documentation and it doesn't say anywhere that setting this option will check the password as it is entered and force the customer to change their password on login if it is not strong enough.

    Can anyone clarify the behaviour of this?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The "Password Strength" feature on the Configure Security Policies screen enables a password strength check at the time of login. Thus, a user will be prompted to change their password when logging in with a password that is not strong enough.

    You would simply use "WHM Home » Security Center » Password Strength Configuration" if you only want to utilize a minimum password strength requirement for new accounts. Leave the "Password Strength" feature on the Configure Security Policies screen disabled in this case.

    Thank you.
     
  3. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Ok thanks for clarifying Michael.

    I would advise that you update your documentation to reflect this, as it doesn't say anywhere that the password is checked at login, or that the user will be forced to change their password.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page