Email Complex Password Policy

Discussion in 'Installation/Configuration' started by HarborTech, Aug 30, 2012.

  1. HarborTech

    HarborTech New Member

    Forgive me if this has been asked and answered before. I searched the forums a few different ways and didn't run across anything that handled this specifically.

    Now, I fully understand that "complex password" doesn't necessarily mean it's an uncrackable password. You would be better off using "janetoschoolwentapplemonkeycarburetor" than you would by using "!#4ppl3#!". However, my clients are fond of using passwords such as "password".

    Is there a way to enforce the clients to at least meet certain criteria when creating mailbox passwords?

    Best regards,

    --Jason
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Such a function is not available yet, but there might be a feature request for this in the bugtracker if I remember correctly.
     
  3. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

  4. HarborTech

    HarborTech New Member

    Very awesome, I'm glad this is already in the feature requests!

    Is such a thing difficult to implement? I am no developer by any means, but would love to see such a feature become available. I would think because the "Password Strength" visual is already checking the 'strength' of the password, that the underlying basics are already in place to enable such a feature.

    Essentially "If <password> != Strong, then deny password change".

    By the looks of that feature request, it's about three years old now. What are the chances it could get looked at?

    Best regards,

    --Jason
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The chances that it gets implemented will rise if you vote for it in the bugtracker as the developers choose new features by number of votes.
     
  6. Quickspace

    Quickspace New Member

    Hi.

    Not the greatest solution but quick to implement. What I did was to edit the email template and set the password field to read only. This forces users to use the password generator when adding or editing email boxes.

    Edit this file.

    /usr/local/ispconfig/interface/web/mail/templates/mail_user_mailbox_edit.htm

    Then edit this line

    <input name="password" id="password" value="{tmpl_var name='password'}" size="30" maxlength="255" type="password" class="textInput" onkeyup="pass_check(this.value);checkPassMatch('password','repeat_password');" />&nbsp;<a href="javascript:void(0);" onclick="generatePassword('password','repeat_password');">{tmpl_var name='generate_password_txt'}</a>

    And Replace with

    <input readonly name="password" id="password" value="{tmpl_var name='password'}" size="30" maxlength="255" type="password" class="textInput" onkeyup="pass_check(this.value);checkPassMatch('password','repeat_password');" />&nbsp;<a href="javascript:void(0);" onclick="generatePassword('password','repeat_password');">{tmpl_var name='generate_password_txt'}</a> Custom passwords not allowed. Please use the Generator!
     

Share This Page