• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Strong password security policy isn't accepting strong password

B

Beau Dilon

New Pleskian
According to the security policy page, a "Strong" password:
These passwords are at least 8 characters long and have at least one occurrence of upper and lower-case characters, digits, and special characters.
Click to expand...

However, when trying to create an email account from the CLI, passwords which meet these requirements are being rejected. It seems it needs at least 2 special characters, specifically not just any special character, but one of !,@,#,$,%,^,&,*,?,_,~

This specific requirement should be noted. Here are some example passwords that have been rejected according to the policy:

ahwei.gh6Aih
aeH6doaGeth$
w!9>W9i,6
1]H__O_rW
uNj~4`IZ
 
Last edited:
I wouldn't really call it horribly broken but rather very smart. The only issue it has is that it is not documented correctly. But the approach to dynamically adjust the minimum number of characters based on the variety of the string is some smart piece of software, not just an ordinary algorithm.
 
Peter Debik said:
I wouldn't really call it horribly broken but rather very smart. The only issue it has is that it is not documented correctly. But the approach to dynamically adjust the minimum number of characters based on the variety of the string is some smart piece of software, not just an ordinary algorithm.
Click to expand...
I would call accepting 123$%&A (only 7 characters!) as "strong" horribly broken.
 
Agree. A password of 7 characters is from the day before yesterday. I was just wondering why symbols like ~ or > are rejected? There must be a justification behind this, but I cannot figure out any.
 
You must log in or register to reply here.

Similar threads

M
Issue Very strong password problem...
Replies
2
Views
902
MicheleP
M
S
Issue [BUG] Plesk Password not strong enough?
Replies
4
Views
2K
IgorG
IgorG
B
Issue Password strength policy displayed to users does not match the one chosen by admin
Replies
0
Views
1K
blipp
B
P
Question How to let customers to choose passwords length?
Replies
0
Views
656
Pavlo.UA
P
D
Password security "secure" does not recognize a secure password as secure but as 'medium'
Replies
6
Views
1K
D3nnis3n
D
Back
Top