Back to Search

Setting Password Complexity Rules

Document ID: 10541

Synopsis

MailSite 10.2 allows administrators to set various conditions for user passwords.

More Information

Setting Password Complexity Rules

MailSite 10.2 allows administrators to set various conditions for user passwords.

MailSite 10.2 now includes the ability to give administrators greater control on setting password requirements for users. This will ensure that a strong password is now in place to prevent against compromised accounts sending spam.

Setting the Rules

Find the file called PasswordComplexity.asmx at the following location: C:\Program Files\MailSite\WebServices\Web.UI\SettingsManager\SettingsEditors

This file can be opened and altered within a text editor. We recommend you take a backup of the original file before making any changes so you can revert to this if so desired.

Types of Rules

There are two types of rules that an administrator can enforce upon users:
  • Compulsory Rules
  • Optional Rules

At the top of the file is the line below. Set this to the number of optional tests that must be passed in order for a password to be accepted.

private static int s_MinOptionalPass = 0

Rules and Options

Listed below are the various rules that administrations can enable. Each rule also contains different options that can be configured as you wish.
Minimum Password Length
  • Turn the test on, if set to false the test will not be run.
    • bool m_CheckLength = true
  • Set the required length
    • int s_PasswordLength = 6
  • Choose if this a compulsory test, set to true to enable
    • bool m_CheckLength = true
Contain Upper and Lower Case Characters
  • Turn the test on, if set to false the test will not be run.
    • bool m_CheckCaseMix = true
  • Choose if this a compulsory test, set to true to enable
    • bool s_CaseMixCompulsory = false
Must Contain Digits
  • Turn the test on, if set to false the test will not be run.
    • bool m_CheckDigits = true
  • Choose if this a compulsory test, set to true to enable
    • bool s_CheckDigitsCompulsory = false
Refuse Ambiguous Characters
  • Turn the test on, if set to false the test will not be run.
    • bool m_CheckSimilarCharacters = false
  • Characters which are not allowed
    • string s_SimilarCharacters = "iIl1|0oO";
  • Choose if this a compulsory test, set to true to enable
    • bool s_SimilarCharsCompulsory = false;
Must Contain Punctuation Characters
  • Turn the test on, if set to false the test will not be run.
    • bool m_CheckPunctuation = true;
  • Characters deemed as punctuation characters to be used.
    • string s_PunctuationCharacters = "!\"£$%^&*()-_+=/{}[];:@'#~|\\<>?,.`¬";
  • Choose if this a compulsory test, set to true to enable
    • bool s_PunctuationCharsCompulsory = false;
Can't Contain Name
  • Turn the test on, if set to false the test will not be run.
    • bool m_CheckName = true;
  • Choose if this a compulsory test, set to true to enable
    • bool s_CheckNameCompulsory = true;

User Experience

Within ExpressPro under the Settings > Password section this now includes a 'rules' button. If clicked this will show the user the required rules the administrator has enforced.

When selecting a new password should this not meet the password complexity specified then the user will see this rules screen again with a red cross against the rules not met and a green tick against those met to help them choose another password to set.