• Hi,

    I saw similar requests in this forum earlier but no fix, if I understand it right; please excuse me if I got it wrong. I really like this plugin but would need to set the password strength to 7 keys instead of 10. The plugin automatically enforces a minimum of 10 keys. While I love that the plugin enforces the use of upper and lower case and special symbols, my client wants me to use 7 keys, as 10 is too much for them. The site is hosted on their own server as an intranet, using their own security on top.

    If there is a tweak to this it would be highly appreciated.

    Best regards,
    Max

Viewing 2 replies - 1 through 2 (of 2 total)
  • 7 characters is hideously insecure. I would strongly suggest educating them on password strength policy.

  • Agree w/ Meerkat. Look up Readable Passphrase Generator: https://makemeapassword.org/#getpassword
    => memorable, secure passphrases.

    I detest sites that limit users to length of 10 or 12, because it means you either use an insecure pw or one that’s impossible to remember (JyMe,(3$]pw). Ech. Four/five words or a 40 char phrase are secure. (“Edible sunlamps defer all readable politicians”) which can be improved: (“Edible sunlamps defer?? all blue34politicians”) Etc.

    The biggest risk is not direct attacks, but offline, high speed attacks. ArsTechnica had some great articles on PW cracking, and the vulnerability of any phrase that appears anywhere online. (Givemelibertyorgivemedeath and all its variants.)

    Implementing Password bcrypt plugin and Google Authenticator – Two Factor Authentication will also improve your site’s security.
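
Added example, not part of either reply and not the plugin's code: a small policy check that puts numbers on the 7 vs. 10 character question, on multi-word passphrases, and on rejecting phrases that already appear online. The 94-symbol alphabet, the 7776-word list, the guess rate used in the test and the one-entry phrase list are all assumptions made for illustration.

```python
import math
import re

# Assumption: random passwords draw from the 94 printable ASCII symbols.
PRINTABLE = 94
# Assumption: passphrase words are picked uniformly from a 7776-word list.
WORDLIST_SIZE = 7776
# Constructed sample; a real deployment would load a corpus of leaked
# passwords and well-known quotations instead of one entry.
KNOWN_PHRASES = {"givemelibertyorgivemedeath"}

# Undo common character substitutions before comparing against the list.
_SUBSTITUTIONS = str.maketrans("013457@$", "oieastas")


def normalize(candidate: str) -> str:
    """Lower-case, reverse substitutions, and drop everything but letters."""
    return re.sub(r"[^a-z]", "", candidate.lower().translate(_SUBSTITUTIONS))


def random_password_bits(length: int, alphabet: int = PRINTABLE) -> float:
    """Search-space size in bits for a uniformly random password."""
    return length * math.log2(alphabet)


def passphrase_bits(words: int, wordlist: int = WORDLIST_SIZE) -> float:
    """Search-space size in bits for uniformly chosen words."""
    return words * math.log2(wordlist)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole search space at a given offline guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def check(candidate: str, min_length: int = 10) -> list:
    """Return the policy failures for a candidate (empty list = accepted)."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too short")
    if normalize(candidate) in KNOWN_PHRASES:
        problems.append("known phrase")
    return problems
```

The achievable guess rate depends on how the site stores passwords, which is why a slow hash such as bcrypt changes these figures.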

  • The topic ‘password strength of less than 10 necessary’ is closed to new replies.