Password strength

In create account page you have add password, but if you using google recaptch isn't is wiser to lower password strength reqs.? I had at least one capital and one small letter and special key and a number. Now I am thinking about at least 6 chars of anything.

Replies (12)

· Baloo

· 2018-11-02T21:55:44+0000
Am a little agree with you Hodor, many of my members make this remark it is worse than my bank here ...
· Alex T⚜️

· 2018-11-04T02:18:59+0000
It's possible to change it via Studio > Developer > Forms > Fields > System > Create Account > edit "Password" field > change Regular Expression to something like this:
/^.{8,}$/
Also you will need to change translation for _sys_form_account_input_password_error language key
· Baloo

· In reply to

Alex T⚜️

· 2018-11-05T14:25:52+0000
Thank you Alex, but what does this expression mean? 8 is the number of characters required?
· Hodor Hodor

· 2018-11-05T22:00:09+0000
Yes. And ^.{6,8}$ is min 6 and max 8
· Baloo

· In reply to

Hodor Hodor

· 2018-11-15T09:04:24+0000
Thanks Hodor
· Andy@Stitchtalk.com

· 2019-03-05T20:22:06+0000
Is there a place to change the outgoing pregenerated password when they request a reset?
I would like it to just be alphanumeric or even simpler.
· LeonidS

· 2019-03-06T11:47:38+0000
Hello Andy@Stitchtalk.com !
This part depends on genRndPwd function (inc/utils.inc.php - the file where it was declared) and method protected function generateUserNewPwd($iAccountId) (template/scripts/BxBaseServiceAccount.php - the file where it is called). So you may change the code there. But better to redeclare generateUserNewPwd in your current template script like for Protean it would be modules\boonex\protean\data\template\system\scripts\BxTemplServiceAccount.php
· Andy@Stitchtalk.com

· In reply to

LeonidS

· 2019-03-06T14:02:21+0000
I'm hosted in on una cloud-4 and I can't get to any of that. Is this something you can change for me?
I would just like only alphanumeric A-Z a-z 0-9 no symbols
· Alex T⚜️

· In reply to

Andy@Stitchtalk.com

· 2019-03-08T10:07:04+0000
We can change it for you, since it's very minor modification, but it's better to ask your users to change autogenerated password to their own.
Also why you want to change autogenerated password to be alphanumeric only ?
· Andy@Stitchtalk.com

· In reply to

Alex T⚜️

· 2019-03-08T12:10:42+0000
This is why :D
· Andy@Stitchtalk.com

· 2019-03-08T12:56:28+0000
I got my first computer when I was 14, these ladies were using type writers. They don't copy and paste. They will literally try to read it and type the password. Most of them are on mobile or tablets too.

Also, if they are savvy enough to copy and paste these passwords are a pain in the butt. You can't double click on them.
I just pulled these out of mandrill and you can see the difference right away.
OLD:
New:
and as far as "security" goes. These examples are actual passwords that were just assigned by my site today, but they are completely useless to anyone on here because you don't know who's email is being used. I've set the lock out to 12 attempts. Good luck! :D
· Alex T⚜️

· 2019-03-13T09:19:49+0000
Thank you for the explanation, we'll change it in the next update - https://github.com/unaio/una/issues/2013