Difference between revisions of "Security - Password Strength Report"
From All n One's bxp software Wixi
Philip Lacey (talk | contribs) |
Philip Lacey (talk | contribs) |
||
| Line 21: | Line 21: | ||
[[File:SecurityReports-PasswordStrength_002.png|800px]] | [[File:SecurityReports-PasswordStrength_002.png|800px]] | ||
| + | |||
| + | |||
| + | |||
| + | = Update = | ||
| + | |||
| + | |||
| + | As of 2016-06-28, the Google API wasn't available which caused the bxp reporting to not display correctly. | ||
| + | |||
| + | |||
| + | To prevent this occurence and also remove dependence on an external service we've implemented a security engine based on the following stack overflow discussion. | ||
| + | |||
| + | http://stackoverflow.com/questions/75057/what-is-the-best-way-to-check-the-strength-of-a-password | ||
| + | |||
| + | |||
| + | So now the rule for providing the 1 to 4 rating is: | ||
| + | |||
| + | * If > 8 characters, 1 point | ||
| + | * If Upper and lower characters, 1 point | ||
| + | * If letters and at least 1 number, 1 point | ||
| + | * If special character, 1 point | ||
| + | * If a pass phrase, i.e. longer than 25 characters, instant 4 points | ||
| + | * If 0 points, then, round up to 1 for a weak password. | ||
| + | |||
| + | |||
| + | Whilst far from perfect it does provide a reasonable approximation of the results. | ||
| + | |||
[[Category:Topic:Security]] | [[Category:Topic:Security]] | ||
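Review bot: The pass-phrase rule in the added list ("longer than 25 characters, instant 4 points") rates on length alone, so any string of 26 or more characters gets the top rating without passing the other four checks; the text should state that this is intended or require the other checks as well. The first rule, "If > 8 characters", gives no length point to a password of exactly 8 characters, which is worth saying explicitly if that is the intent. "occurence" in the added paragraph should read "occurrence".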
Revision as of 20:19, 28 June 2016
With bxp software (bxp), in the System Access Management module, there are a number of security reports within the Security Reports section.
Main Menu > System Access Management > Security Reports > Security - Password Strength
One of these reports is the Password Strength Report. This report allows for a review of the strength of users' passwords.
Password strength is determined according to Google's Password rating system API. http://www.codeproject.com/Articles/19245/Google-Password-Strength-API
1 = Weak, 2 = Medium, 3 = Strong, 4 = Best
The report allows you to group the types before display. Using All allows you to see all non-retired users in a single report.
Update
As of 2016-06-28, the Google API wasn't available, which caused the bxp reporting to not display correctly.
To prevent this occurrence and also remove dependence on an external service, we've implemented a security engine based on the following Stack Overflow discussion.
http://stackoverflow.com/questions/75057/what-is-the-best-way-to-check-the-strength-of-a-password
So now the rule for providing the 1 to 4 rating is:
- If > 8 characters, 1 point
- If Upper and lower characters, 1 point
- If letters and at least 1 number, 1 point
- If special character, 1 point
- If a pass phrase, i.e. longer than 25 characters, instant 4 points
- If 0 points, then, round up to 1 for a weak password.
Whilst far from perfect, it does provide a reasonable approximation of the results.
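The rule list above, written out as an added Python example (this is not bxp's own code). The function names, the reading of "special character" as ASCII punctuation and the sample passwords are assumptions made for the illustration.

```python
import string

# Labels from the report's 1 to 4 scale.
LABELS = {1: "Weak", 2: "Medium", 3: "Strong", 4: "Best"}

# Assumption: "special character" means ASCII punctuation.
SPECIAL = set(string.punctuation)


def rate_password(password: str) -> int:
    """Return the 1 to 4 rating produced by the rule list."""
    # Pass phrase: longer than 25 characters is an instant 4,
    # whatever the characters are.
    if len(password) > 25:
        return 4

    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in SPECIAL for c in password)

    points = 0
    if len(password) > 8:          # strictly more than 8: exactly 8 earns nothing
        points += 1
    if has_upper and has_lower:
        points += 1
    if has_letter and has_digit:
        points += 1
    if has_special:
        points += 1

    # 0 points is rounded up to 1 (weak).
    return max(points, 1)


def report(passwords):
    """Return (password, rating, label) rows, as the report would group them."""
    return [(p, rate_password(p), LABELS[rate_password(p)]) for p in passwords]


if __name__ == "__main__":
    # Constructed sample passwords, including the boundary cases.
    samples = ["password", "abcdefghi", "Password1", "Passw0rd!", "a" * 25, "a" * 26]
    for pw, score, label in report(samples):
        print(f"{pw!r:32} {score} {label}")
```

The last two samples show the boundary of the pass-phrase rule: 25 repeated letters rate 1 and 26 rate 4, one illustration of why the page calls the rule far from perfect.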