Question about ChangePassword control

E

Evgeny

Hello,
I use in ChangePassword web control. The control is connected with a
Membership provider that I also has defined.
Particularly, there is such property in the provider:
MinRequiredPasswordLength

As far as I understood this property should control automatically length of
of new password that was inputed by user in the control. But it didn't do
it. For example, I defined MinRequiredPasswordLength=3, but I succeed to
input and change password of any length. So what is expected behavior of the
control? How should I use this property and others such as
maxInvalidPasswordAttempts and so on?

Thank you

Evgeny
 
O

Otis Mukinfus

Hello,
I use in ChangePassword web control. The control is connected with a
Membership provider that I also has defined.
Particularly, there is such property in the provider:
MinRequiredPasswordLength

As far as I understood this property should control automatically length of
of new password that was inputed by user in the control. But it didn't do
it. For example, I defined MinRequiredPasswordLength=3, but I succeed to
input and change password of any length. So what is expected behavior of the
control? How should I use this property and others such as
maxInvalidPasswordAttempts and so on?

Thank you

Evgeny
Click to expand...

You will always be able to make passwords longer than what you have
set as the minimum. Were you able to set the password to less than
three characters?

Comment: A minimum password length of 3 would not be advisable. It
dramatically reduces the number of passwords possible (at that length)
and reduces an attacker's count of trial and error possibilities for
cracking your passwords (at that length).

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
 
E

Evgeny

Exactly. This is the problem.
Otis Mukinfus said:
You will always be able to make passwords longer than what you have
set as the minimum. Were you able to set the password to less than
three characters?

Comment: A minimum password length of 3 would not be advisable. It
dramatically reduces the number of passwords possible (at that length)
and reduces an attacker's count of trial and error possibilities for
cracking your passwords (at that length).

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NewPasswordRegularExpression bug in ChangePassword control 9
Problem with changepassword webcontrol 6
ActiveDirectoryMembershipProvider & ChangePassword control 7
ChangePassword 0
Adding security question/answer check to ASP.NET *ChangePassword* control 2
Change a users password without knowing the old password nor the answer to the password question 1
Changing a users password without knowing the old password nor the answer to the password question 2
ChangePassword First Time Login 0

Members online

No members online now.
Total: 29 (members: 0, guests: 29)
Robots: 442

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top