We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Password limitations and requirements

August 25, 2010 4:22pm

Subscribe [3]

  • #1 / Aug 25, 2010 4:22pm

    Adam Engst

    12 posts

    Hi folks,

    We’ve set up a new account management system using EE 1.6.8 and some of my users have been asking what the limitations on password length and allowed characters are. So, to be very clear:

    * Must EE passwords be within a certain number of characters?

    * Are there any characters that are disallowed in passwords?

    And, should it come up, are the answers to these questions different in EE 2?

    Thanks!

    cheers… -Adam

    Look into my head; follow me on Twitter. http://twitter.com/adamengst
    _____________________________________________________________________
    Adam C. Engst:    I publish TidBITS and Take Control, write books,
    .(JavaScript must be enabled to view this email address)  and make useful introductions in the Mac industry.
    My work: http://www.tidbits.com/ and http://www.takecontrolbooks.com/

  • #2 / Aug 26, 2010 3:26am

    John Henry Donovan

    12339 posts

    Adam,

    Welcome to the forums 😊

    To begin with you should probably do an upgrade to version 1.6.9 which is the last version of that branch but has some security related fixes.

    Take a look under your Security and Session Preferences

    Admin > System Preferences > Security and Session Preferences

    There are 2 settings which are relevant and also appear in EE2.x, Require Secure Passwords and Minimum Password Length

    A secure password would be a password containing at least one uppercase character, one lowercase character, and one numeric character.

    Hope that helps

  • #3 / Aug 26, 2010 9:42am

    Adam Engst

    12 posts

    Thanks!

    I’ve been leery of asking our developer to upgrade to 1.6.9 because the last time there was a minor upgrade, it broke parts of our site. That’s even more true of upgrading to EE 2 - since most of the functionality of our site is custom code, it’s a lot harder to justify an upgrade when it will cost us money in fixing everything that stops working, just to get back to where we were. If there’s assurance that it won’t change anything with custom code, I’d be happy to do it.

    I’m aware of the settings you reference, but they don’t really answer my questions. Perhaps I should restate:

    * Are there any characters that my users might want to use in a password that are disallowed for any reason? I know it takes letters, numbers, and at least most punctuation. But what about, say, Unicode characters?

    * Is there a maximum length that isn’t allowed? It’s not that people would choose a 30-character password manually, but that they might use the password generation feature of a program like 1Password to create such a secure password.

    To be clear, these aren’t theoretical questions - I’ve gotten them from my users.

    cheers… -Adam

  • #4 / Aug 26, 2010 8:22pm

    Brandon Jones

    5500 posts

    Hi Adam,

    I’m not seeing any hard restrictions on allowed characters, so Unicode characters should work, but this may depend on the server. Regarding password length, the limit is 40 characters.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register