+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / The password must be at least 7 characters long.

The password must be at least 7 characters long.

8 posts, 1 answered
  1. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    01 Dec 2010
    Link to this post
    Hi,

    Is there a way to relax this requirement to have at least 7 characters long. We have a client who wants to log in with  4 character PIN numbers. When you create a new user, I think the requirements for password strength should be optional. Have a selection: 1 - no password required, 2 - at least 1 char required, 3 - at least 7 char required and 4 - at least 7 alphanumeric (must contain numbers and letters) characters required.

    Good idea???

    Many thanks,
    Andrei

    -----
    Further thought: I would have this restrictions attributed to Roles. In other Words, when creating a new role or existing ones already can be configured so that the users in that role must have a given strength-level password. That way the role 'Farmers' the users in which always forget their password can have a simple password (the name of their dog).

    Of course, you need to think it through when a user is a member of multiple roles. a check on the users password needs to be made to make sure s/he canbe added to a role which require a more secure password.

    Thanks.
  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    01 Dec 2010
    Link to this post
    Hello Andrei,

    Thank you for contacting Telerik Support.

    By default our membership provider has a property which you can set for the minimum required password length. You should go to Administration -> Settings -> Advanced -> Security -> Membership Providers -> Default -> Parameters and edit the value of minRequiredPasswordLength parameter.

    Unfortunately it seems that there is a bug in the current release which does not consider this setting. It is already logged for fixing (#100806).

    Best wishes,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    02 Dec 2010
    Link to this post
    Radoslav, I guess I missed the points then. Ah well.
    Many thanks,
    Andrei
  4. LouiseBA
    LouiseBA avatar
    61 posts
    Registered:
    23 Mar 2010
    11 Jan 2011
    Link to this post
    Hi can you tell me where this section is. I cannot find the Settings area in Administration at all what am I missing?!

    Our client requires minimum pw length, a certain complexity and preferably an automatic 'please change password' after x weeks functionality.  They say as it is it is not secure enough. This isnt possible with 3.7 is it?

    thanks
  5. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    11 Jan 2011
    Link to this post
    Hello,

    In 3.x you should use the web.config and membership provider declaration to any modifications to the provider parameters.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    07 Mar 2011
    Link to this post
    Radoslav,

    Has the issue about minRequiredPasswordLength been fixed yet? I am trying in SP1 and having troubles.
    Also, I do not want to enter an email address. In fact I would remove the email address field.

    Thanks,
    Andrei
  7. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    10 Mar 2011
    Link to this post
    Hi Andrei,

    Did you restart the application when you changed the minimum password lenght? You must restart to apply the configuration. Unfortunately the e-mail field cannot be disabled.

    All the best,
    Radoslav Georgiev
    the Telerik team
    Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
    Answered
  8. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    10 Mar 2011
    Link to this post
    Radoslav,

    I do not remember if I did or not, but instead I logged in with the long password and changed the password 
    through the profile functionality and it allowed me to enter a 3 character password. 

    So I am ok now. Shame about the email, but it is not a big deal.

    Many thanks again,
    Andrei
Register for webinar
8 posts, 1 answered