Question about ChangePassword control


E

Evgeny

Hello,
I use in ChangePassword web control. The control is connected with a
Membership provider that I also has defined.
Particularly, there is such property in the provider:
MinRequiredPasswordLength

As far as I understood this property should control automatically length of
of new password that was inputed by user in the control. But it didn't do
it. For example, I defined MinRequiredPasswordLength=3, but I succeed to
input and change password of any length. So what is expected behavior of the
control? How should I use this property and others such as
maxInvalidPasswordAttempts and so on?

Thank you

Evgeny
 
Ad

Advertisements

O

Otis Mukinfus

Hello,
I use in ChangePassword web control. The control is connected with a
Membership provider that I also has defined.
Particularly, there is such property in the provider:
MinRequiredPasswordLength

As far as I understood this property should control automatically length of
of new password that was inputed by user in the control. But it didn't do
it. For example, I defined MinRequiredPasswordLength=3, but I succeed to
input and change password of any length. So what is expected behavior of the
control? How should I use this property and others such as
maxInvalidPasswordAttempts and so on?

Thank you

Evgeny

You will always be able to make passwords longer than what you have
set as the minimum. Were you able to set the password to less than
three characters?

Comment: A minimum password length of 3 would not be advisable. It
dramatically reduces the number of passwords possible (at that length)
and reduces an attacker's count of trial and error possibilities for
cracking your passwords (at that length).

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
 
Ad

Advertisements

E

Evgeny

Exactly. This is the problem.
Otis Mukinfus said:
You will always be able to make passwords longer than what you have
set as the minimum. Were you able to set the password to less than
three characters?

Comment: A minimum password length of 3 would not be advisable. It
dramatically reduces the number of passwords possible (at that length)
and reduces an attacker's count of trial and error possibilities for
cracking your passwords (at that length).

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top