Jump to content
  • 0

Generate Password

a.daniello

Asked by a.daniello,

 Share

Question

13 answers to this question

Recommended Posts

  • 0
Tyson Newbie

Tyson

Posted
Posted

Also Add Password Score to must need score 50+ otherwise basic password not taken Like (Ex: 123456).because Here is customer domain and hosting.

 

 

Thank you

 

Attributing a "score" to passwords would be arbitrary, unless you have specific requirements that dictate how such a score could be constructed? Passwords may need to conform to different guidelines depending on where it is used and what it helps to protect. I wouldn't want someone to think that an arbritrary score of "100" somehow makes a password secure.

Link to comment
Share on other sites
  • 0
Jonathan Newbie

Jonathan

Posted
Posted

Attributing a "score" to passwords would be arbitrary, unless you have specific requirements that dictate how such a score could be constructed? Passwords may need to conform to different guidelines depending on where it is used and what it helps to protect. I wouldn't want someone to think that an arbritrary score of "100" somehow makes a password secure.

 

Scores for passwords in applications are generally derived by meeting certain criteria, most often times javascript is use to determine this "on the fly".  For example: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

 

Sure it's somewhat arbitrary, but creating secure passwords really isn't hard so having an arbitrary meter to help guide people would be very useful.

Link to comment
Share on other sites
  • 0
Tyson Newbie

Tyson

Posted
Posted

The problem with using an arbitrary password score in Blesta is that each password field would need to define its own requirements and its own algorithm for calculating scores since the passwords Blesta accepts range from Blesta account passwords to cPanel account passwords and more, and each system has different requirements. For example, if cPanel only allows up to 12 character passwords, and Blesta only allows 13+ characters to be scored at 100, it gives the false impression that there is more to be gained.

 

Personally, I don't think a password score is necessary. I think it would be more beneficial to show whether the password conforms to its given password requirements, and then the requirements can be set to whatever you would determine a score of 100 to be.

Link to comment
Share on other sites
  • 0
Jonathan Newbie

Jonathan

Posted
Posted

The problem with using an arbitrary password score in Blesta is that each password field would need to define its own requirements and its own algorithm for calculating scores since the passwords Blesta accepts range from Blesta account passwords to cPanel account passwords and more, and each system has different requirements. For example, if cPanel only allows up to 12 character passwords, and Blesta only allows 13+ characters to be scored at 100, it gives the false impression that there is more to be gained.

 

Personally, I don't think a password score is necessary. I think it would be more beneficial to show whether the password conforms to its given password requirements, and then the requirements can be set to whatever you would determine a score of 100 to be.

 

Fair enough.  Technically speaking that makes good sense.

 

A password requirement criteria would be just as good if not better.  All I'm looking to do is force people's "password123" passwords into something a bit better.  Whether it's by means of an arbitrary score or set of requirements I don't really care as long as it's user-friendly.  Perhaps with this criteria ruleset instead of a score a javascript list of requirements that'd "tick" when the requirement was met would be nice.

Link to comment
Share on other sites
  • 0
Paul Community Regular

Paul

Posted
Posted

Password scores can be useful to end-users by simply making them think about their password selection. If they want to choose something we arbitrarily deem as "poor" security-wise, then at least they are making a conscience decision about it. It may nudge people into creating a better password, and save us the headache of a breached account.

 

In terms of arbitrary, the link Jonathan posted -- https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/ probably best fits with our understanding of secure passwords. Length is better than special characters, and passwords that are difficult for computers to guess but easy for people to remember.

 

Worth considering.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...