Trivially weak passwords are permitted. - why issue
The security advisor (Home "Security Center "Security Advisor)
says:
[QUOTE]Trivially weak passwords are permitted.
Configure Password Strength requirements in the "Password Strength Configuration" area
i have strength 10 in Home "Security Center "Password Strength Configuration i thought there is a cphulk enabled which prevent excessive password guessing, so why i should worry having allowed this lower level of password complexity?
i have strength 10 in Home "Security Center "Password Strength Configuration i thought there is a cphulk enabled which prevent excessive password guessing, so why i should worry having allowed this lower level of password complexity?
-
[quote="postcd, post: 1728541">i thought there is a cphulk enabled which prevent excessive password guessing, so why i should worry having allowed this lower level of password complexity?
Hello :) cPHulk is designed to help prevent brute force attacks, but it does not prevent someone from attempting them, and is not a replacement for good security practices. Using a strong password increases the number of login attempts it takes to crack a password. Thank you.0 -
Because Hackers now employ distributed slow brute force attacks which if I am am not mistaken cphulk does not defend against this. Michael can confirm or deny this if its true Best to install csf & enable distributed attack protection even though you customers may not like it you have to protect them from their own stupidity 0 -
Yes, it's true that someone could just attempt a low number of logins per hour and not trigger a block from cPhulk. The "Scenario" section in our cPHulk documentation page explains this: cPHulk Brute Force Detection It's one of several reasons why strong passwords should always be used. Thank you. 0
Please sign in to leave a comment.
Comments
3 comments