Setting Password Quality

Password policy for all child accounts in CloudBlue Commerce (resellers and customers) can be set to strong or none. When you apply the strong password quality level, this mechanism does not allow the subscribers to use passwords that do not meet the requirements defined for that level. If a password is weak, an error message will be displayed. The password check is performed every time a user enters or changes passwords.

The password quality mechanism distinguishes four types of keyboard characters that are used for password creation:

  • Uppercase letter: a letter entered in the upper case. For example, 'A', 'V'.
  • Lowercase letter: a letter entered in the lower case. For example, 'a', 'v'.
  • Numerals: a digit. They are 1,2,3,4,5,6,7,8,9 and 0.
  • Special character: any non-alphanumeric character. For example, '#', '&', '!'.

The mechanism includes an English vocabulary. It checks against commonly used words as well as personal information provided for the account and does not allow the use of either of these for the strong password quality level.

To set the password level:

  1. Go to System > Settings > Security in the Core group > Setup.
  2. On the Password Quality subtab, click Edit to select a password quality level. The following levels are available:

    • None: No password validation. The user is allowed to make up passwords of any length and character types.
    • Strong: The minimum length for a password is seven characters of different types (uppercase and lowercase letters, numerals, and special characters). The user must avoid using dictionary words, personal information and keyboard sequences.
  3. Switch the radio button to the password quality level you wish to apply for the child accounts and click Submit.

After you select a password quality level, you can test it using a password checker found on the Password Quality tab.

Enter a password string in the Password to Check field and click Check Password.

The password checking result is returned. If your password did not pass the check, you are prompted on how to improve your password.

The table below shows the password minimum string lengths (number of characters) depending on the character types used in it for the given password quality level.

 

4 character classes

3 character classes

2 character classes

1 character class

Pass phrase

Minimum required password length

7 symbols

8 symbols

24 symbols

not allowed

11 symbols

Note: The pass phrase must contain at least three different words with digits or special symbols as a delimiter between each pair of words. It may be 11 symbols long and consist of only two character classes.

Additional Password Requirements

Only printable ASCII characters are allowed in a password; using UNICODE is unacceptable.

Generally, a password based on a login name is not allowed, but if the rest of the password is strong enough, then the password is accepted.

When calculating the number of character types, upper-case letters used as the first character and digits used as the last character of a password are not counted. For example, the password 'Atu157!' does not work, because it starts with the upper-case 'A', though 'aTu157!' passes the quality check.

The password length contributes more to the password strength than the number of character classes used in it.

Examples

Weak passwords are listed below together with the messages displayed by CloudBlue Commerce:

  • Password: 123

    Message: The password is too short. Add more characters.

  • Password: 1q2w3e4r

    Message: The password is not strong enough. Add more characters like upper- and lower-case letters, numbers, and special symbols.

  • Password: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj

    Message: The password is not strong enough. Add more characters like upper- and lower-case letters, numbers, and special symbols.

  • Password: 1fish23.

    Message: The password is not strong enough. Add more characters to your word-based password or replace the word with a less common character sequence.

  • Password: abc1234.

    Message: The password is not strong enough. Add more characters like upper and lower-case letters, numbers, and special symbols. If your password contains a dictionary term, try replacing it with a less common character sequence.

CloudBlue, an Ingram Micro business, uses cookies to improve the usability of our site. By continuing to use this site and/or logging in you are accepting the use of these cookies. For more information, visit our Privacy Policy.