Security - Password Strength Report

From All n One's bxp software Wixi

Revision as of 20:19, 28 June 2016 by Philip Lacey

In bxp software (bxp), the System Access Management module contains a number of security reports within the Security Reports section.


Main Menu > System Access Management > Security Reports > Security - Password Strength


One of these reports is the Password Strength Report. This report allows for a review of the strength of users' passwords.




Password strength is determined according to Google's Password rating system API. http://www.codeproject.com/Articles/19245/Google-Password-Strength-API


1 = Weak, 2 = Medium, 3 = Strong, 4 = Best


The report allows you to group the types before display. Selecting All shows all non-retired users in a single report.




Update

As of 2016-06-28, the Google API wasn't available, which caused the bxp reporting to not display correctly.


To prevent this occurrence and also remove dependence on an external service, we've implemented a security engine based on the following Stack Overflow discussion.

http://stackoverflow.com/questions/75057/what-is-the-best-way-to-check-the-strength-of-a-password


So now the rule for providing the 1 to 4 rating is:

  • If > 8 characters, 1 point
  • If Upper and lower characters, 1 point
  • If letters and at least 1 number, 1 point
  • If special character, 1 point
  • If a pass phrase, i.e. longer than 25 characters, instant 4 points
  • If 0 points, then round up to 1 for a weak password.


Whilst far from perfect, it does provide a reasonable approximation of the results.
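The rule set above written out as a function, as an added example that is not bxp's own code; the last sample shows why the rating is only an approximation. The names `rate_password` and `score_breakdown` are hypothetical, "special character" is assumed to mean any character that is neither a letter nor a digit, and the sample passwords are constructed.

```python
RATING_LABELS = {1: "Weak", 2: "Medium", 3: "Strong", 4: "Best"}
PASSPHRASE_OVER = 25  # pass phrase rule: longer than 25 characters


def score_breakdown(password: str) -> dict:
    """Return which of the four one-point rules the password satisfies."""
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    # Assumption: a "special character" is anything that is not a letter
    # or a digit (punctuation, symbols, spaces).
    has_special = any(not c.isalnum() for c in password)
    return {
        "length_over_8": len(password) > 8,
        "upper_and_lower": has_upper and has_lower,
        "letters_and_number": has_letter and has_digit,
        "special_character": has_special,
    }


def rate_password(password: str) -> int:
    """Apply the page's rules and return a rating from 1 to 4."""
    if len(password) > PASSPHRASE_OVER:
        return 4  # pass phrase: instant 4 points
    points = sum(score_breakdown(password).values())
    return max(points, 1)  # 0 points rounds up to 1 (Weak)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = [
        "password",                      # 8 characters, so no length point
        "password1",
        "Password1",
        "correct horse battery staple",  # 28 characters, pass phrase rule
        "Password1!",                    # predictable pattern, still rated Best
    ]
    for pw in samples:
        rating = rate_password(pw)
        print(f"{pw!r:32} {rating} = {RATING_LABELS[rating]}")
```

A predictable pattern such as `Password1!` satisfies all four composition rules, so a report built on this rating is best read alongside a check against known-compromised password lists.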