Password
Passwords are required for all users to authenticate or access private groups.
Password policy
From version 5.1 onwards, PageSeeder enforced a stronger password policy for all users.
The strength of each password is evaluated, from WEAK to STRONG, according to various criteria.
The following affect the password strength positively:
- The length of the password.
- The presence of digits or special characters.
- Whether mixed case characters have been used.
The following might affect the password strength negatively:
- Some characters are repeated.
- Some common sequences, such as ‘123456’ or ‘qwerty’ are used.
Acceptance criteria
| Users | Minimum Strength |
|---|---|
| Default | MEDIUM |
| Administrators | STRONG |
Generating passwords
The following table shows the length required to generate the different strength levels.
The minimum length is the length required to pass the level if it includes at least a special character, a digit, and uses mixed case. The safe length is the length required to pass the level if it includes only lower case characters and 1 digit. The letter length is the length required to pass the level if it includes only lower case characters.
| Strength | Minimum Length | Safe Length | Letter Length |
|---|---|---|---|
| WEAK | 0 | 0 | 0 |
| MEDIUM | 7 | 8 | 12 |
| GOOD | 9 | 12 | 14 |
| STRONG | 12 | 15 | 18 |
Banned passwords
Some passwords are on the banned password list and aren’t accepted, regardless of whether they meet other criteria. They are common passwords which could be used for dictionary attacks.
Examples of banned passwords: password, passw0rd, pageseeder, 123456
Blank passwords
From version 5.1 onward, blank passwords are no longer permitted.