• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Strong password security policy isn't accepting strong password

Beau Dilon

New Pleskian
According to the security policy page, a "Strong" password:
These passwords are at least 8 characters long and have at least one occurrence of upper and lower-case characters, digits, and special characters.

However, when trying to create an email account from the CLI, passwords which meet these requirements are being rejected. It seems it needs at least 2 special characters, specifically not just any special character, but one of !,@,#,$,%,^,&,*,?,_,~

This specific requirement should be noted. Here are some example passwords that have been rejected according to the policy:

ahwei.gh6Aih
aeH6doaGeth$
w!9>W9i,6
1]H__O_rW
uNj~4`IZ
 
Last edited:
I wouldn't really call it horribly broken but rather very smart. The only issue it has is that it is not documented correctly. But the approach to dynamically adjust the minimum number of characters based on the variety of the string is some smart piece of software, not just an ordinary algorithm.
 
I wouldn't really call it horribly broken but rather very smart. The only issue it has is that it is not documented correctly. But the approach to dynamically adjust the minimum number of characters based on the variety of the string is some smart piece of software, not just an ordinary algorithm.
I would call accepting 123$%&A (only 7 characters!) as "strong" horribly broken.
 
Agree. A password of 7 characters is from the day before yesterday. I was just wondering why symbols like ~ or > are rejected? There must be a justification behind this, but I cannot figure out any.
 
Back
Top