cancel
Showing results for 
Search instead for 
Did you mean: 

password strength

SOLVED
Go to solution
Linda Card
Frequent Advisor

password strength

We have installed and setup Enhanced Security on our 4.0g and read the pub. We will use the u_minlen, _restrict and u_pwdepth for sure. However, current requirements mandate a stringent composition for passwords:
2 uppercase; 2 lowercase; 2 numeric and 2 special chars.

I have searched thru the site and found the "spider" c-program to mod pw_policy. None of us here are c programmers. Alas.

Am I correct when I state that the password composition stated above would have to be programmed into our system for pw_policy?

3 REPLIES
Mark Poeschl_2
Honored Contributor

Re: password strength

You are correct. We modified that program to implement our site's password strength policy.
Ann Majeske
Honored Contributor
Solution

Re: password strength

You do not have to use Spider's c programming example for your pwpolicy, you can use any program that has the same inputs/outputs. You could probably even implement it as a script if you wanted. The issue that I have with scripts is that they're inherently less secure than a c program and what you're trying to accomplish is to increase your security.

Ann
Linda Card
Frequent Advisor

Re: password strength

Thanks, you guys are the best. Points assigned