The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Secure password is too long to be considered secure in cPanel

Discussion in 'Security' started by velvelajade, Mar 23, 2016.

  1. velvelajade

    velvelajade Registered

    Joined:
    Mar 23, 2016
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    United States of America
    cPanel Access Level:
    Website Owner
    My issue is that I know that my password to password protect a folder is extremely secure. The problem is that there is no documentation of allowed characters. And, cPanel thinks that a password longer then 65 characters is NOT secure. I use a combination of characters that do NOT include Asian, Hebraic or Greek characters. I am sure it counts the number of duplicates but I use a combination of numbers, symbols, caps and lower case letters. My password length is less then 250.

    Does cPanel allow username's password for folders to contain foreign letters at all?
    Can Hebrew be used?
    Can Hiragana be used?
    Can Greek letters be used?
    Can Russian be used? Icelandic letters?
    Can letters with dots underneath them be used?
    And, if so, which ones?
    I know this WAS asked before, over two years back but NO ONE responded to that person, but I do understand such a security risk in answering such a question.

    The problem is that unless we have this documentation, we blindly try various combinations until we find one that is valid and NOT secure. Anyone can take the US/UK letters, numbers and symbols and crack those passwords. It only takes a computer. But, if non-english keyboards were allowed to create passwords too - even more than one keyboard used for the same password, wouldn't this be more secure? OR does cPanel only apply it to the key number and ignores which keyboard was used? My site was hacked a long time ago with that huge cPanel vulnerability issue. However, I do not want my website hacked either from the website end, so would like to sew up what I can on my end, as well.
    Thanks! from a private website owner who is not making a public website
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you verify if you are asking about password protecting a directory with Apache, or the passwords utilized for access to cPanel/WHM?

    Thank you.
     
  3. velvelajade

    velvelajade Registered

    Joined:
    Mar 23, 2016
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    United States of America
    cPanel Access Level:
    Website Owner
    It is password protecting a directory with a username and password. It is not about the initial access to cPanel. However, it would be good to know the nitty gritty details behind what is allowed in a cPanel initial access password too, as that one I have not tried to make so over the to secure yet, but will be working on that next. (I didn't want to lock me out of my site, so thought that if I worked on directories first, that I should be safer.) Thanks!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. velvelajade

    velvelajade Registered

    Joined:
    Mar 23, 2016
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    United States of America
    cPanel Access Level:
    Website Owner
    I found out that the password over the directory can only be 50 characters long. Any longer and it tosses a "too weak of a password" error.
     
    cPanelMichael likes this.
Loading...

Share This Page