burnleyvic
Regular Pleskian
In the Plesk panel security policy settings, a medium strength password is defined as follows:
These passwords are at least 5 characters long. They consist of characters in upper and lower case and special symbols. Such passwords provide reliable protection from attacks that capture passwords.
If the above is true, then how can Password123 and even password123 BOTH be acceptable medium strength passwords? One lacks a special character and the other lacks a capital letter... There is also the issue of dictionary words being used.
Medium strength should require all of the following: at least one upper case, one number and one special character in a 5 character password. It should not contain words from the dictionary; perhaps make this last bit selectable in the Security policy section and allow admins to specify a custom dictionary file?
So far it seems the only option to fix this is to set password strength to Strong, which is defined as:
These passwords are at least 8 characters long. Along with upper and lower-case characters, they require multiple occurrences of digits and special symbols. Such passwords provide strong protection from brute-force attacks.
Testing in the panel seems to show that the definition for Strong is accurate, as it requires upper and lower case, numbers, and special characters to achieve Strong, so this one's OK, though again the use of a word from the dictionary should be factored in, as Password123! is defined as strong, which is certainly debatable.
Also, setting password strength to Very Strong is impractical due to the requirement for a 16 digit password. There are better ways to make a very tough password without just adding more characters.
Parallels, can you please consider working on this strength meter, as the various strength setting definitions need work with regards to password complexity. With the current function it's still far too easy for a customer to select a substandard password. If Parallels is indeed taking security seriously, they should consider implementing this as a matter of urgency.
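The policy the post asks for (every character class required, plus a dictionary check against an admin-supplied word list), sketched as an added example; this is not Plesk's code and not part of the original post. The function names, the sample word list and the folding of common character substitutions are assumptions, and the folding goes slightly beyond what the post describes.

```python
import string

# Constructed sample word list; a real deployment would load the
# admin-supplied dictionary file the post proposes.
SAMPLE_DICTIONARY = {"password", "welcome", "admin", "plesk", "qwerty"}

# Common character substitutions undone before the dictionary lookup (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_WORD_LEN = 4  # ignore very short dictionary entries to limit false positives


def dictionary_hits(password, dictionary):
    """Return dictionary words found in the password, raw or de-substituted."""
    raw = password.lower()
    folded = raw.translate(LEET)
    return sorted(w for w in dictionary
                  if len(w) >= MIN_WORD_LEN and (w in raw or w in folded))


def check_medium(password, dictionary=SAMPLE_DICTIONARY, min_length=5):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    for word in dictionary_hits(password, dictionary):
        problems.append("contains dictionary word: " + word)
    return problems


if __name__ == "__main__":
    # The passwords named in the post, plus two constructed ones.
    for candidate in ("Password123", "password123", "Password123!",
                      "P@ssw0rd!9", "kV7#rQ2m"):
        print(candidate, "->", check_medium(candidate) or "OK")
```

Returning the full list of violations, rather than a single pass/fail flag, lets the panel tell the customer exactly which rule a rejected password broke.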