CSSCurrent en:Password Policy

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche

Security Requirements for passwords

Passwords must contain numbers

Enable this setting to force digits within the password.

Passwords must contain alphabetical characters

Enable this setting to force alphabetical characters within the password.

Passwords must contain special characters

Enable this setting to force special characters within the password.

Passwords must be upper and lower case

Enable this setting to force upper- and lowercase letters within the password

Passwords may not be common words

Enable this setting to countercheck the password, or parts of the password with the dictionary to force users not to use common words in the password. The dictionary consists of English and German words and is applied independently from the language selected in the User Interface.

Customizing the dictionary
You can edit the dictionary and add or remove words which will be rejected as passwords. When adding a new word to the dictionary, please make sure to insert it into the correct line as Cryptshare expects the list to be sorted lexicographically (though capitalization is ignored). Be aware that the password check only considers words with a minimum length of four letters. You can find the dictionary at: `resources/lang/dict/words.lst`

Character repetitions or character sequences are not allowed

Enable this setting to deny the use of character repetitions or sequences within the password. This applies to the following patterns:

Sequence Type


Keyboard Sequences qwert, asdfg, etc.
Alphabetical Sequences abc, xyz. etc.
Numeric Sequences 123 etc.
Character Repetitions aaa, zzz, 111 etc.

The patterns mentioned above are recognized as such beginning with a length of three characters.

Minimum/Maximum Password Length

Forces users to use a minimum/maximum number of characters for the password.

Effects on password generation
The minimum length also determines the length of the automatically generated passwords. During password generation, compliance with the activated password rules (see above) takes precedence over the length specifications (minimum/maximum). This means, for example, if numbers, special characters, lowercase letters and uppercase letters are required, the generated password is at least four characters long, even if the maximum password length is smaller.

Whitespaces within passwords

This setting generally applies and is not visible in the Administration Interface. It forces the users not to use whitespaces within the password, such as 'tab', 'blank space' etc.

Blacklist Characters/Invalid Characters

Characters in this field will not be allowed independently of what has been configured above. If a user enters a password containing one of these characters, the password will not be accepted.

Only for automatically generated passwords

If this option is enabled the blacklist character list will not be taken into consideration for passwords entered manually. Only passwords generated automatically will be affected. This means, that automatically generated passwords won't contain any of the specified characters.

Please use this feature only if you are using the web frontend only. Do not use this feature if you using any of our email integration products or APIs as this may currently lead to passwords being created or entered which are not accepted by the server. Future versions of our email integration add-ins, Robot and APIs will be able to work with the blacklisted characters correctly.