8
Stronger Password Requirements
Idea shared by Linda Pagillo - 11/4/2021 at 8:47 AM
Under Consideration
Good morning everyone! I have a feature request please...

I have a concern about the "must not match username" password policy option in SM.
 
From what i understand, that means that someone with the email address linda@blah.com cannot have a password of linda
 
 That's fine and well, but my concern...
 
Let's say linda@blah.com had a password of Linda1... would that not be just as easy to brute force as a password of linda? The difference is only one cap and one number.
 
 Do you see where I'm getting at?
 
I'm not sure if allowing a password of Linda1 for a user called linda@blah.com is a good idea, but current SM let's you do that because it technically does not match the username.
 
Is there anything you guys are planning to do to make this more secure? If not, may I request it?
 
Thanks! :)
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 

2 Replies

Reply to Thread
2
Employee Replied
Employee Post
Hi Linda,

I'd be happy to get this submitted as a feature request on your behalf. In the meantime, utilizing the other password requirement options can help alleviate weak passwords as with your example. You can try increasing the minimum password length and turn on more, if not all, of the other requirements.
0
Thanks a bunch Emily! That's what we are doing in the meantime :)
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller

Reply to Thread