locked
Password strength does not work RRS feed

  • Question

  • I have set password strength to weak or any password; but when i go to set a user password on whs it requires a 7 digit or medium password. sounds like a bug.
    Thursday, April 26, 2007 7:46 PM

Answers

  • Complex password should be required only for the following scenarios:

     

    1. Password Policy (in server settings -> Passwords) is set to Strong.

    2. User has remote access enabled (Irrespective of what the policy is).

     

    TOD1954, please see the thread: http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1497005&SiteID=50 

     

    "The basic problem we were trying to solve is not users like you and me (fully aware of the complexities of password and the ease in cracking them) setting a password that we think is is secure (may not agree with WHSdefinition of secure password), but the significant portion of home users inadvertantly enabling remote access for their local user accounts with blank (or close to blank) password (just becasue they had blank password on their machines all these years for ease of loggin in). It is much harder to make them realize that the account is now no longer within the boundaries of your home network, but is exposed to the outside world and is at the mercy of anybody who has some spare time with them. So for such users, leaving that hole could prove to be disastrous compared to the annoyance of having to remember a complex password. After al lthe whole purpose of the product is to help users protect their data :-)"

    Thursday, April 26, 2007 11:31 PM
    Moderator

All replies

  • I have had this happen too. Disabling remote access and moving the password strength slider did not change the need for complex passwords.
    Thursday, April 26, 2007 7:52 PM
  • This is a feature I could do without. I don't need the software forcing me to use strong passwords.
    Thursday, April 26, 2007 7:55 PM
  • Complex password should be required only for the following scenarios:

     

    1. Password Policy (in server settings -> Passwords) is set to Strong.

    2. User has remote access enabled (Irrespective of what the policy is).

     

    TOD1954, please see the thread: http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1497005&SiteID=50 

     

    "The basic problem we were trying to solve is not users like you and me (fully aware of the complexities of password and the ease in cracking them) setting a password that we think is is secure (may not agree with WHSdefinition of secure password), but the significant portion of home users inadvertantly enabling remote access for their local user accounts with blank (or close to blank) password (just becasue they had blank password on their machines all these years for ease of loggin in). It is much harder to make them realize that the account is now no longer within the boundaries of your home network, but is exposed to the outside world and is at the mercy of anybody who has some spare time with them. So for such users, leaving that hole could prove to be disastrous compared to the annoyance of having to remember a complex password. After al lthe whole purpose of the product is to help users protect their data :-)"

    Thursday, April 26, 2007 11:31 PM
    Moderator
  • I can understand the reasons for this and could even live with strong passwords being the default, however it should be an option that can be changed under any situation. I generally use phrases and not strong passwords so I don't have to remember the non standard chars.
    Friday, April 27, 2007 4:32 PM
  • Got it! I will convey this feedback to the rest of the feature team. Thanks!
    Friday, April 27, 2007 4:51 PM
    Moderator
  • I found that I was confusing Users, (with access to the server locally and remotely) with those whom I allowed to access the server via Photo Webshare.  The Passwords screen does indicate that "User accounts with Remote Access enabled always require strong passwords."  I'm not sure if my confusion over this as a new administrator could have been mitigated with a better definition on the setup screen defining the difference between User Accounts and Webshare access.
    Monday, December 3, 2007 6:46 AM
  • It's fairly easy to change password requirements. Just check out the following thread for a HowTo:

     

    http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1767953&SiteID=50

    Monday, December 3, 2007 9:42 AM
    Moderator