Installation and deployment Questions on installation, system configuration and deployment to the live server.
Version 5.x > Installation and deployment > Enforcing Password Strength View modes: 
User avatar
Certified Developer v7
Certified  Developer v7
Chris Riley - 2/17/2011 4:49:02 PM
   
Enforcing Password Strength
Hi,

Is there any way in Kentico to enforce password strength? The .NET Membership provider gives us ways to specify minimum password length but Kentico doesn't seem to support this. I couldn't find any settings in Site Manager to control it either.

I need to implement this for a client's website. This is a pretty basic feature that I had assumed was a part of Kentico, am I missing it somewhere? We are using Kentico v5.5R2

User avatar
Kentico Support
Kentico Support
kentico_radekm - 2/18/2011 4:43:18 AM
   
RE:Enforcing Password Strength
Hello.

There is a property called "Password min. length" in Registration form properties.

You can set its value to any number to define password length/strength.

Best Regards,
Radek Macalik

User avatar
Certified Developer v7
Certified  Developer v7
Chris Riley - 2/18/2011 7:47:56 AM
   
RE:Enforcing Password Strength
Thank you for your response.

The website I am working on will not have public registration, users will be created in CMSDesk. Ideally I need something that will work for all users, even cms editors and administrators.

Also there is no properties for controlling password length on the ChangePassword webpart so we can't enforce any rules when a users changes their password. I'm thinking I will have to modify this webpart and add the logic in myself, but there's no way to control passwords for cms editors and users since cmsdesk doesn't use webparts to change passwords.

User avatar
Kentico Support
Kentico Support
kentico_radekm - 2/23/2011 8:48:39 AM
   
RE:Enforcing Password Strength
Hello.

In these cases you will need to modify code-behind files and ensure requested functionality by a customization.

For Change password web part, you can do it in \CMSWebParts\Membership\Profile\ChangePassword.ascx.cs, in btnOk_Click method. Here you can check length of password like this:

if (txtNewPassword.Text.Length > X)
{
}


The same can be done for Site Manager/Administration/Users/Password page. It uses CMSSiteManager/Administration/Users/User_Edit_Password.aspx page, and you can check it in ButtonSetPassword_Click method.

Best Regards,
Radek Macalik