Home › Forums › Conduit: AEP Model › AEP firmware 5.0.0: PASSWORD
Mike McNeil.
Jonathan BrewerHey Multitech,
You’ve enforced some bogus password requirements and they BREAK our existing conventions. It’s possible to have a secure password WITHOUT requiring multiple character classes.
The US government has some standards here: https://jumpcloud.com/blog/nist-800-63-password-guidelines/ could you try following them? In the meantime, post a method for us to override your broken, broken, horribly broken and extremely damaging requirements:
BAD PASSWORD: not enough character classes
Thanks,
Jon
Jonathan BrewerNeed a solution here Multitech.
Jonathan BrewerIs there some reason no one from Multitech wants to comment here?
The requirements below are wrong. They contravene US govt standards published in NIST 800-63-3: https://pages.nist.gov/800-63-3/sp800-63-3.html
`The user password must meet the complexity requirements and be at least 8 characters and contain three or more different types of characters:
uppercase alphabetical characters (A through Z)
lowercase alphabetical characters (a through z)
numerals (0 through 9)
special characters
The password must not contain any common dictionary word.
Steve KovarikHi Jon
Thanks for the link to US govt standards published in NIST 800-63-3.
In the mPower firmware (formally AEP) under ‘Administration’ and ‘User Accounts’ you have the ability to change the password complexity rules.
Configuring Complexity Mode for ‘Credit’ allows you to define a minimum number of complexity classes. Hope that helps.
-Best Regards
Mike McNeilHello Jonathan,
Starting at mPower version 5.1.0, administrators can modify the Password Complexity Rules to allow a Credit Mode where the administrator can allow passwords with a specific number of credits instead of the Default Mode.
Please review the Help from your device or from the Software Guide for your device. This would apply to MTCAP, MTCDT, MTCDTIP and MTR products.
Regards,
Mike