The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Strength

Discussion in 'General Discussion' started by cwihost, Oct 17, 2007.

  1. cwihost

    cwihost Member

    Joined:
    Sep 9, 2001
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    6
    I know that Cpanel has the new password strength meters in the Cpanel accounts where passwords can be changed. However is there any Cpanel utility that can check existing passwords and email them if the password is insecure or not strong?
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Not at this time, but perhaps you may want to put in a feature request for this at http://bugzilla.cpanel.net and paste a link here pointing to your feature request so others can vote on it and add themselves as CC.
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Yes, in WHM -> Server Configuration -> Tweak Settings scroll down to the System section and check Allow cPanel users to reset their password via email. Don't forget to click save at the bottom of the page.
     
  4. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    For security reasons, I doubt this would be possible.

    User passwords would have to be stored in plain text for them to be read and checked for strength. User passwords won't be stored in plain text, hence they cannot be read and checked for strength.
     
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    There are third party utilities that can actually do this for you.
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You wouldn't necessarily have to store the passwords in plain text. Just do a password strength check when the user logs into cPanel or Webmail.

    I would like to see an option like this for Webmail because we have been running into a lot of problems with users using mail accounts with insecure passwords, and spammers guessing those passwords to get into webmail and use webmail on the account to send out mail.

    A feature where the user logs into webmail, enters their username and password in the popup dialog box, the password strength checker checks the password. If it is below what the server administrator deems as a secure password, then the webmail user is not able to proceed any further.

    I might recommend just providing a link for changing the password, but then that becomes counter-intuitive. A spammer logs into a webmail account, sees the message about the password being too insecure, so he just changes the password to something more secure and something that he will know. Then logs in again.

    However, maybe you don't put the Change Password link in webmail. Maybe you force the webmail user to either contact the person who has control panel access and change the password there or force the user to change the password via the control panel.

    You can do the same thing with control panel access, force the user to contact their hosting provider if their control panel password is insecure.

    I should probably make an enhancement request for this, but I wasn't really sure how many people would find this feature useful.
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It never hurts to create one on http://bugzilla.cpanel.net and post a link to your request here. I've seen requests, that I thought people would be uninterested with, acquire many votes and CC's.
     
  8. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I made an enhancement request. I'm not sure how many people will really be interested in something like this, but I think it might be an interesting feature and like you said, it never hurts.

    http://bugzilla.cpanel.net/show_bug.cgi?id=6022

    If you think this might be an interesting feature, please vote for the above enhancement request.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm in. Anything we can do to force them into a stronger password I'd like to have.
     
  10. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    Voted. This feature would be a great addition to cPanel/WHM. Hard to believe there's only 2 votes for this. I would think a lot more people in the cPanel community would like to see something which improves the security of their servers. It only takes a few moments to create a bugzilla account, visit the URL, and click the vote link.

    For those that already have a bugzilla account and are cookied, here is the direct link to vote:
    http://bugzilla.cpanel.net/votes.cgi?action=show_user&bug_id=6022#vote_6022
     
Loading...

Share This Page