Difference between revisions of "Security - Password Strength Report"

From All n One's bxp software Wixi

Line 30: Line 30:
  
  
To prevent this occurence and also remove dependence on an external service we've implemented a security engine based on the following stack overflow discussion.
+
To prevent this occurence and also remove dependence on an external service we've implemented a security engine, that caters for four password minimum levels Weak, Medium, Strong and Best. Please find below the minimum password requirments for each level:
  
http://stackoverflow.com/questions/75057/what-is-the-best-way-to-check-the-strength-of-a-password
 
  
  
So now the rule for providing the 1 to 4 rating is:
+
== Weak Password Minimum Requirements ==
  
* If > 8 characters, 1 point
+
 
* If Upper and lower characters, 1 point
+
1) New password and confirm new password must match
* If letters and at least 1 number, 1 point
+
 
* If special character, 1 point
+
2) Length needs to be 8
* If a pass phrase, i.e. longer than 25 characters, instant 4 points
+
 
* If 0 points, then, round up to 1 for a weak password.
+
 
 +
[[File:bxp_weak_password.png|800px]]
 +
 
 +
 
 +
== Medium Password Minimum Requirements ==
 +
 
 +
 
 +
 
 +
1) New password and confirm new password must match
 +
 
 +
2) Length needs to be 8
 +
 
 +
3) Not contain Spaces
 +
 
 +
4) Must contain at lease one symbol
 +
 
 +
 
 +
[[File:bxp_medium_password.png|800px]]
 +
 
 +
 
 +
== Strong Password Minimum Requirements ==
 +
 
 +
 
 +
1) New password and confirm new password must match
 +
 +
2) Length needs to be 8
 +
 
 +
3) Not contain Spaces
 +
 +
4) Must contain at lease one symbol
 +
 +
5) Must contain at least one number
 +
 +
6) Must contain at least one Uppercase letter
 +
 
 +
 
 +
 
 +
[[File:bxp_strong_password.png|800px]]
 +
 
 +
 
 +
== Best Password Minimum Requirements ==
 +
 
 +
 
 +
1) New password and confirm new password must match
 +
 +
2) Length needs to be 8
 +
 
 +
3) Not contain Spaces
 +
 
 +
4) Must contain at lease one symbol
 +
 
 +
5) Must contain at least one number
 +
 +
6) Must contain at least one Uppercase letter
 +
 
 +
7) Not contain the the same character 3 times in a row
 +
 
 +
8) Must not contain both the first name of the user or the surname of the use
 +
 
 +
 
 +
[[File:bxp_best_password.png|800px]]
 +
  
  
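Review bot: Rule 8 in the added Best list ("Must not contain both the first name of the user or the surname of the use") mixes "both" and "or", so it does not say whether a password containing only one of the two names is rejected; word it as "the first name or the surname" if either is meant, and fix "use" to "user". "Length needs to be 8" appears under "Minimum Requirements" in all four lists without "at least", which reads as an exact length. The removed point rules had a pass phrase case (longer than 25 characters, instant 4 points), while the new rule 3 forbids spaces from Medium upward, so state how long pass phrases are now rated. Spelling in the added lines: "occurence", "requirments", "at lease one", "the the".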

Revision as of 10:16, 2 February 2017

With bxp software (bxp), the System Access Management module has a number of security reports within the Security Reports section.


Main Menu > System Access Management > Security Reports > Security - Password Strength


One of these reports is the Password Strength Report. This report allows for a review of the strength of users' passwords.




Password strength is determined according to Google's Password rating system API. http://www.codeproject.com/Articles/19245/Google-Password-Strength-API


1 = Weak, 2 = Medium, 3 = Strong, 4 = Best


The report allows you to group the types before display. Using All allows you to see all non-retired users in a single report.




1 Update

As of 2016-06-28, the Google API wasn't available which caused the bxp reporting to not display correctly.


To prevent this occurrence and also remove dependence on an external service, we've implemented a security engine that caters for four minimum password levels: Weak, Medium, Strong and Best. Please find below the minimum password requirements for each level:


1.1 Weak Password Minimum Requirements

1) New password and confirm new password must match

2) Length needs to be 8




1.2 Medium Password Minimum Requirements

1) New password and confirm new password must match

2) Length needs to be 8

3) Not contain Spaces

4) Must contain at least one symbol




1.3 Strong Password Minimum Requirements

1) New password and confirm new password must match

2) Length needs to be 8

3) Not contain Spaces

4) Must contain at least one symbol

5) Must contain at least one number

6) Must contain at least one Uppercase letter




1.4 Best Password Minimum Requirements

1) New password and confirm new password must match

2) Length needs to be 8

3) Not contain Spaces

4) Must contain at least one symbol

5) Must contain at least one number

6) Must contain at least one Uppercase letter

7) Not contain the same character 3 times in a row

8) Must not contain both the first name of the user or the surname of the user




Whilst far from perfect, it does provide a reasonable approximation of the results.
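
The four levels above expressed as a single check, as an added example (not bxp's own code). It assumes "Length needs to be 8" means at least 8 characters, that a symbol is any character other than an ASCII letter, digit or whitespace, and that rule 8 rejects either name, matched case-insensitively; the function names and sample passwords are constructed for illustration.

```python
import re

# Rules are numbered as on the page; each level requires rules 1..N.
REQUIRED = {"Weak": 2, "Medium": 4, "Strong": 6, "Best": 8}


def failed_rules(password, confirm, first_name="", surname=""):
    """Return the sorted page rule numbers (1-8) that this password fails."""
    lowered = password.lower()
    names = [n.lower() for n in (first_name, surname) if n]
    checks = {
        1: password == confirm,
        2: len(password) >= 8,                      # assumption: 8 is a minimum
        3: " " not in password,
        4: re.search(r"[^A-Za-z0-9\s]", password) is not None,  # assumed symbol set
        5: any(c.isdigit() for c in password),
        6: any(c.isupper() for c in password),
        7: re.search(r"(.)\1\1", password) is None,  # same character 3 times in a row
        8: not any(n in lowered for n in names),    # assumption: either name counts
    }
    return sorted(rule for rule, ok in checks.items() if not ok)


def highest_level(password, confirm, first_name="", surname=""):
    """Return the highest level whose rules all pass, or None if Weak fails."""
    failed = failed_rules(password, confirm, first_name, surname)
    first_failure = failed[0] if failed else 9
    best = None
    for level, last_rule in REQUIRED.items():   # insertion order: Weak..Best
        if first_failure > last_rule:
            best = level
    return best


if __name__ == "__main__":
    # Constructed sample inputs for a hypothetical user "Mary Murphy".
    for pw in ("short", "password", "password!", "Murphy2017!", "Passw0rd!"):
        level = highest_level(pw, pw, "Mary", "Murphy")
        print(f"{pw!r:15} level={level} failed={failed_rules(pw, pw, 'Mary', 'Murphy')}")
```

Because every level builds on the previous one, the first failed rule number alone decides the level; the full list of failed rules is what a report or a password-change form would show the user.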