1

Topic: Password complexity requirements in iredmail?

==== Required information ====
- iRedMail version: 1.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Linux/BSD distribution name and version: ubuntu 12.04
- Related log if you're reporting an issue:
====


In roundcube we can force users to use a non-alphanumeric character in their passwords, but is there any similar option within iredmail?

Ideally we'd like to force users to use a capital and number or special character. The platform that we're migrating users from has a big problem with accounts being compromised due to users using really simple passwords.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 (edited by camel1cz 2014-02-25 01:17:40)

Re: Password complexity requirements in iredmail?

Not exactly answer but: majority of compromises comes from viruses and not brute force attacks. And also it's relatively easy to protect server against password guessing.

So I wouldn't expect much from complex passwords - better make sure you detect and disable compromised accounts as quick as possible.

Just my 5 cents

3

Re: Password complexity requirements in iredmail?

that's generally true (and it is on one of our mail platforms) but when you're dealing with the sort of userbase that thinks "password1" is a good password, you really need to give them all the prompting possible.

4

Re: Password complexity requirements in iredmail?

vmos wrote:

In roundcube we can force users to use a non-alphanumeric character in their passwords, but is there any similar option within iredmail?

Excuse me, what do you mean "similar option within iRedMail"? Roundcube webmail is the only entrance where user can change password.

5

Re: Password complexity requirements in iredmail?

that's true for the average user, but because of legacy considerations, we're also obliged to create a large number of admins, each of whom will have access to a single domain

6

Re: Password complexity requirements in iredmail?

Then which entrance do they use? iRedAdmin-Pro? So you want to force password complexity in iRedAdmin-Pro, right?