Password strength is never good enough for WHM

NestMan

• June 27, 2016 20:05

I keep changing it higher to appease WHM, but then the cPanel Security Advisor keeps complaining that its not high enough. Now it's asking for a password that has a strength of 65. Where does it end? Thank you.

• 

  twhiting9275

  • June 28, 2016 01:47

  Use the password generator. I'm willing to bet that'll get you a successful password

  0
• 

  keat63

  • June 28, 2016 10:50

  Put your car registration number on the end. Easy to remember, hard to hack.

  0
• 

  cPanelMichael

  • June 28, 2016 17:37

  Hello, Security Advisor utilizes different types of alerts, depending on the severity of the issue. This includes warnings, possible issues, and informational alerts. You encountered multiple alert types in this instance based on the minimum password strength values you configured. You can find more information on the different types of alerts on the for anyone interested in how the password strength check functions on the backend: [SPOILER="Security Advisor - sub _check_for_low_pwstrength">
  sub _check_for_low_pwstrength { my ($self) = @_; my $security_advisor_obj = $self->{'security_advisor_obj'}; if ( !$security_advisor_obj->{'cpconf'}->{'minpwstrength'} || $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 25 ) { $security_advisor_obj->add_advice( { 'type' => $Cpanel::Security::Advisor::ADVISE_BAD, 'text' => ['Trivially weak passwords are permitted.'], 'suggestion' => [ 'Configure Password Strength requirements in the "[output,url,_1,Password Strength Configuration,_2,_3]" area', $self->base_path('scripts/minpwstrength'), 'target', '_blank' ], } ); } elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 50 ) { $security_advisor_obj->add_advice( { 'type' => $Cpanel::Security::Advisor::ADVISE_WARN, 'text' => ['Password strength requirements are low.'], 'suggestion' => [ 'Configure a Default Password Strength of at least 50 in the "[output,url,_1,Password Strength Configuration,_2,_3]" area', $self->base_path('scripts/minpwstrength'), 'target', '_blank' ], } ); } elsif ( $security_advisor_obj->{'cpconf'}->{'minpwstrength'} < 65 ) { $security_advisor_obj->add_advice( { 'type' => $Cpanel::Security::Advisor::ADVISE_INFO, 'text' => ['Password strength requirements are moderate.'], 'suggestion' => [ 'Configure a Default Password Strength of at least 65 in the "[output,url,_1,Password Strength Configuration,_2,_3]" area', $self->base_path('scripts/minpwstrength'), 'target', '_blank' ], } ); } else { $security_advisor_obj->add_advice( { 'type' => $Cpanel::Security::Advisor::ADVISE_GOOD, 'text' => ['Password strength requirements are strong.'], } ); } return 1; } 1;
  Thanks!

  0

Please sign in to leave a comment.