Topic: Password policy is a puzzle on SME Server 11 beta

[evilmrb]

Nice to see a new version of SME Server to try out. The slightly changed look is enough to look modern but not so much as to be unfamiliar. However, trying to set up new users was really frustrating. Every attempt I made was greeted with a complaint about something I hadn't done. Referring to the wiki I quickly discovered that the password rules from older versions no longer apply - 7 chars in particular. I would urge you to change the user creation screen to include some text to say what the password rules actually are to avoid putting people off.

[TerryF]

noted, thank you for testing and feedback

You can reset the strength back to old setting if needed

[ReetP]

You can check the AdminLTE theme too for something more bootstrapy.

Password length increased because it's 2025 and things have changed, but yes, the language files & messaged are still WIP so noted.

[brianr]

https://bugs.koozali.org/show_bug.cgi?id=13090

[Jean-Philippe Pialasse]

as per https://bugs.koozali.org/show_bug.cgi?id=12991

Password rules:
none:           Minimum length only.
normal:         Minimum length, at least one uppercase and one lowercase letter.
intermediate:   Minimum length, at least one uppercase, one lowercase letter, and one number.
strong:         Minimum length, at least one uppercase, one lowercase letter, one number, one special character, and dictionary check.

pasword minimal length could be set, default is 12.

we removed the initial obligation for specific characters. it does not help that mich in bruteforce and limit ability for user to remember the password, which reduce the strength of it. 

see https://www.hivesystems.com/blog/are-your-passwords-in-the-green

if using lowercase only this is good for years.  of course if you use digits only, way less efficient.