Facebook
Twitter
R
Ragefast
Guest
Hello people,
Recently I've been target of spammers which upon further investigation, were using authenticated mail accounts to send mail thru my server, where all these exploited accounts had weak passwords like '123456'.
Although I force my clients with the good-password policy, they are able to change their password from Horde, which doesn't seem to make any checks on the password typed in. I can change their passwords to a safe one, but I feel that it is not right to just change it, because if the user doesn't notice the vulnerability, he will still try to change back to the weak one, which is easy to remember, for example.
Is there a way to block users from being able to change their password to weak ones from the Horde interface? Or even Plesk interface? Because Plesk, even with the dictionary checking turned one, still allows passwords like 123456.
Thanks.
Recently I've been target of spammers which upon further investigation, were using authenticated mail accounts to send mail thru my server, where all these exploited accounts had weak passwords like '123456'.
Although I force my clients with the good-password policy, they are able to change their password from Horde, which doesn't seem to make any checks on the password typed in. I can change their passwords to a safe one, but I feel that it is not right to just change it, because if the user doesn't notice the vulnerability, he will still try to change back to the weak one, which is easy to remember, for example.
Is there a way to block users from being able to change their password to weak ones from the Horde interface? Or even Plesk interface? Because Plesk, even with the dictionary checking turned one, still allows passwords like 123456.
Thanks.
