1
Password Requirements?
Question asked by Joshua Parker - November 5, 2014 at 6:12 PM
Answered
I inherited responsibility for our mail server and previously there were no password requirements.  I would like to turn this on and be able to notify any users who do not meet the requirements.  
 
 
 
 
 
 
 
 
 
 
However when I check password policy compliance only 3 users are listed.  My guess is that number should be closer to 300.  How is compliance checked?  Is there a way to force a check if one of the requirements is changed?  I know for a fact that there are far more than 3 users not in compliance for the given domain.

2 Replies

Reply to Thread
1
Andrea Rogers Replied
November 6, 2014 at 9:45 AM
Employee Post
Hi Joshua,
 
When testing in version 13.0, I see that the Password Policy Compliance list is automatically and immediately updated when I change the password requirements. I believe this should function the same way in older versions as well. Which version are you currently running? 
 
One thing you might do to test out whether this is working correctly in your version is change your Minimum Password Length to something very large, such as 25. Click Save, go back to the Manage section and make sure you click the Password Policy Compliance button in the navigation pane again (this will refresh the list). You could also go a step further and create a test user with a password that does not meet the requirements (you'll be able to do this if you're logged in as the System Admin, as password requirements do not apply to Sys Admins). Then check back on the compliancy list to see if that user is listed. 
 
I would suspect that increasing the password length to that high of a value would show a large jump in non-compliant users. It did for me when testing it out. Please let me know what you find. If there is no change in the number of non-compliant users I would recommend opening a support ticket so we can look into this more for you as this is not expected behavior.
 
As a side note, in the latest major release, SmarterMail 13.0, we added new password policy features that you may be interested in. Version 13.x now includes the ability to set a password expiration, notify users when their password needs to be updated, and disable outgoing SMTP for users in violation. 
Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Robert Emmett Replied
November 6, 2014 at 11:43 AM
Employee Post
Joshua,
 
On any of the those accounts that are not showing up on the list, do you have the option "Disable password changes" enabled?  Any accounts with that option set will not be shown as violating password requirements for the fact they can't change the password anyway.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread