Setting Password Complexity Rules
Document #:10541
Applies To:
- MailSite
10.2.x
- ExpressPro
10.2.x
Synopsis:
MailSite 10.2 allows administrators to set various conditions for user passwords.
More Information:
MailSite 10.2 now includes the ability to give administrators greater control on setting password requirements for users. This will ensure that a strong password is now in place to prevent against compromised accounts sending spam.
Setting the Rules
Find the file called PasswordComplexity.asmx at the following location:
C:\Program Files\MailSite\WebServices\Web.UI\SettingsManager\SettingsEditors
This file can be opened and altered within a text editor. We recommend you take a backup of the original file before making any changes so you can revert to this if so desired.
Types of Rules
There are two types of rules that an administrator can enforce upon users:
- Compulsory Rules
- Optional Rules
At the top of the file is the line below. Set this to the number of optional tests that must be passed in order for a password to be accepted.
private static int s_MinOptionalPass = 0
Rules and Options
Listed below are the various rules that administrations can enable. Each rule also contains different options that can be configured as you wish.
Minimum Password Length
- Turn the test on, if set to false the test will not be run.
bool m_CheckLength = true
- Set the required length
int s_PasswordLength = 6
- Choose if this a compulsory test, set to true to enable
bool m_CheckLength = true
Contain Upper and Lower Case Characters
- Turn the test on, if set to false the test will not be run.
bool m_CheckCaseMix = true
- Choose if this a compulsory test, set to true to enable
bool s_CaseMixCompulsory = false
Must Contain Digits
- Turn the test on, if set to false the test will not be run.
bool m_CheckDigits = true
- Choose if this a compulsory test, set to true to enable
bool s_CheckDigitsCompulsory = false
Refuse Ambiguous Characters
- Turn the test on, if set to false the test will not be run.
bool m_CheckSimilarCharacters = false
- Characters which are not allowed
string s_SimilarCharacters = "iIl1|0oO";
- Choose if this a compulsory test, set to true to enable
bool s_SimilarCharsCompulsory = false;
Must Contain Punctuation Characters
- Turn the test on, if set to false the test will not be run.
bool m_CheckPunctuation = true;
- Characters deemed as punctuation characters to be used.
string s_PunctuationCharacters = "!\"£$%^&*()-_+=/{}[];:@'#~|\\<>?,.`¬";
- Choose if this a compulsory test, set to true to enable
bool s_PunctuationCharsCompulsory = false;
Can't Contain Name
- Turn the test on, if set to false the test will not be run.
bool m_CheckName = true;
- Choose if this a compulsory test, set to true to enable
bool s_CheckNameCompulsory = true;
User Experience
Within ExpressPro under the Settings > Password section this now includes a 'rules' button. If clicked this will show the user the required rules the administrator has enforced.
When selecting a new password should this not meet the password complexity specified then the user will see this rules screen again with a red cross against the rules not met and a green tick against those met to help them choose another password to set.
Last revised 2014-2-18