Stronger Password Requirements

Idea shared by Linda Pagillo - 11/4/2021 at 8:47 AM

Under Consideration

Good morning everyone! I have a feature request please...

I have a concern about the "must not match username" password policy option in SM.

From what i understand, that means that someone with the email address linda@blah.com cannot have a password of linda

That's fine and well, but my concern...

Let's say linda@blah.com had a password of Linda1... would that not be just as easy to brute force as a password of linda? The difference is only one cap and one number.

Do you see where I'm getting at?

I'm not sure if allowing a password of Linda1 for a user called linda@blah.com is a good idea, but current SM let's you do that because it technically does not match the username.

Is there anything you guys are planning to do to make this more secure? If not, may I request it?

Thanks! :)

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

2 Replies

Reply to Thread

Employee Replied

11/15/2021 at 4:37 PM

Employee Post

Hi Linda,

I'd be happy to get this submitted as a feature request on your behalf. In the meantime, utilizing the other password requirement options can help alleviate weak passwords as with your example. You can try increasing the minimum password length and turn on more, if not all, of the other requirements.

Linda Pagillo Replied

11/16/2021 at 7:41 AM

Thanks a bunch Emily! That's what we are doing in the meantime :)

Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller

Back to Community Threads

Please leave this box unchecked

2 Replies

Reply to Thread

Tags

Related Knowledge Base Articles