Plesk

How does password strength policy work in Plesk?

Question

How is password strength determined for Plesk?

Answer

Starting from Plesk Obsidian version 18.0.43, a new third-party open-source password strength estimator was implemented in Plesk and can be enabled as described here.

Starting from Plesk Obsidian version 18.0.45, the new validator is enabled by default.

Note: For older versions, see the "The old way of password validation" section.

To validate the password strength, use the following procedure:

  1. Access the zxcvbn-ts online validator.
  2. Specify the desired password in the Password field.
  3. Then check the score field:

    The score result means the following for the specified password:
    0 - very weak
    1 - weak
    2 - medium
    3 - strong
    4 - very strong 

More detailed information about the new password validation feature is available here: https://zxcvbn-ts.github.io/zxcvbn/guide/comparison/

 

The old way of password validation

Password strength is the sum of points earned for the following criteria. The password's characters are checked against each criterion, and every match adds a specific number of points.

Here are the rules applied for password validation in Plesk Onyx and Obsidian:

  • If a password is 4 or fewer characters in length, it gains 3 points.

  • If the length is between 5 and 7, then it gains 6 points.

  • If the length is between 8 and 15, then it gains 12 points.

  • If the length is 16 or more, then it gains 18 points.

  • If the password contains at least one lower case letter from 'a' to 'z', then it gains 1 point.

  • If there is at least one upper case letter from 'A' to 'Z', then it gains 5 points.

  • If there is at least one number, then it gains 5 points.

  • If there are at least three numbers, then it gains 5 points.

  • If there is at least one special character from this list (without quotes): "!, @, #, $, %, ^, &, *, ?, _, ~", then it gains 5 points.

  • If there are at least two special characters from the list above, then it gains 5 points.

  • If there are both upper and lower case letters, then it gains 2 points.

  • If there are both letters and numbers, then it gains 2 points.

  • If there is a combination of letters, numbers and special characters, then it gains 2 points.

Summary:

  • If the sum of points is less than 15, the password is Very Weak.

  • If the sum of points is between 15 and 24, the password is Weak.

  • If the sum of points is between 25 and 34, the password is Medium.

  • If the sum of points is between 35 and 44, the password is Strong.

  • If the sum of points is more than 45, the password is Very Strong.

Example:

The password P@ssw0rd:

  • Length between 8 and 15 (+12).
  • At least one lower case letter (+1).
  • At least one upper case letter (+5).
  • At least one number (+5).
  • At least one special character (+5).
  • Has both upper and lower case (+2).
  • Has both letters and numbers (+2).
  • Has letters, numbers and special characters (+2).

The overall score is 34, which is less than 35, so the verdict is Medium.
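
The legacy rules above, written out as an added Python example (not Plesk's own code). It assumes the "at least three numbers" and "at least two special characters" bonuses stack on top of the single-match bonuses, and that a score of exactly 45, which the summary does not cover, counts as Very Strong; the function names are hypothetical.

```python
import string

SPECIALS = set("!@#$%^&*?_~")  # special-character list from the rules above


def legacy_score(password):
    """Sum the points the legacy rules award to one password."""
    n = len(password)
    has_lower = any(c in string.ascii_lowercase for c in password)
    has_upper = any(c in string.ascii_uppercase for c in password)
    digits = sum(c in string.digits for c in password)
    specials = sum(c in SPECIALS for c in password)
    has_letter = has_lower or has_upper

    # Length tiers: up to 4, 5-7, 8-15, 16 or more.
    length_points = 3 if n <= 4 else 6 if n <= 7 else 12 if n <= 15 else 18

    rules = [
        (has_lower, 1),
        (has_upper, 5),
        (digits >= 1, 5),
        (digits >= 3, 5),      # assumption: added on top of the one-number bonus
        (specials >= 1, 5),
        (specials >= 2, 5),    # assumption: added on top of the one-special bonus
        (has_lower and has_upper, 2),
        (has_letter and digits >= 1, 2),
        (has_letter and digits >= 1 and specials >= 1, 2),
    ]
    return length_points + sum(points for matched, points in rules if matched)


def legacy_verdict(score):
    """Map a point total to the verdict bands from the summary."""
    if score < 15:
        return "Very Weak"
    if score <= 24:
        return "Weak"
    if score <= 34:
        return "Medium"
    if score <= 44:
        return "Strong"
    return "Very Strong"  # assumption: 45 itself is treated as Very Strong


if __name__ == "__main__":
    # Constructed sample passwords; the first is the article's own example.
    for pw in ("P@ssw0rd", "correcthorsebatterystaple", "Password1234!!!!"):
        score = legacy_score(pw)
        print(f"{pw!r}: {score} points, {legacy_verdict(score)}")
```

Under these rules a 25-character lowercase passphrase scores 19 (Weak) while `Password1234!!!!` reaches 50 (Very Strong), because the points reward character classes and length tiers rather than how guessable the password is.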
