Password strength is a measure of a password’s resistance against
guessing or brute-force attacks. The strength of a password depends on
its length, complexity, and unpredictability. You can make your server
more resistant to brute-force attacks by changing the default password
strength policy.
When configuring the password strength policy in Plesk, you can choose
from five password strength levels, ranging from “Very weak” to “Very
strong”. Changing the password strength policy to a stricter one
increases the minimum password length, and also makes it mandatory to
use different types of characters in passwords (upper- and lowercase
characters, digits, and special characters). Whenever a Plesk user sets
a new password or changes an existing one, they are required to adjust
the password until it meets the requirements of the password strength
policy currently in effect.
By default, the password strength policy is set to “Very Weak”.
Selecting a stricter password strength policy requires Plesk users to
use stronger passwords. Such passwords are more secure, but are harder
to remember.
The password strength policy is applied to the following Plesk
passwords:
- Passwords used to log in to Plesk.
- Subscription system users’ passwords.
- Database users’ passwords.
- Mailbox passwords.
To change the password strength policy for Plesk users:
- Go to Tools & Settings > Security Policy (under “Security”),
  and then scroll down to the “Password strength” section.
- Under “Minimum password strength”, select the radio button
  corresponding to the desired password strength policy.
- Click OK.