One of the most common reasons for a mail server to be hijacked is due to weak passwords on user accounts.  Unfortunately some users like to make their passwords very easy and simple to remember and this sometimes makes that password very easy to hack.  Over the last several versions of IMail we've made adjustments to accounts in order to help administrators get a better control over what passwords can be used by end-users.  In this post we're going to discuss how to enforce password complexity requirements and how to audit your users to ensure they are not using weak passwords.

As an IMail administrator you have the option to configure the password strength you want enforce on your users.  This is a domain level option and can be configured differently for each domain hosted on your IMail server.  There are five levels of password complexity available and those are weak, simple, moderate, strong, and extreme.

Console Admin - Password Complexity Setting

A setting of weak requires the password to be at least 3 characters in length.  The simple setting requires the password to be at least 6 characters in length, contain at least 1 letter (regardless of case), and contain at least 1 number or special character.  Moderate requires the password to be at least 6 characters in length, contain at least 1 letter (lower case), contain at least 1 number,  contain at least 1 special character or 1 capital letter.  Setting the password strength to Strong will require the password to be at least 8 characters in length, contain at least 1 lower case letter, contain at least 1 capital letter, contain at least 1 number, and contain at least 1 special character.  Finally the extreme setting will require passwords to be at least 8 characters in length, contain at least 2 lower case letters, contain at least 2 capital letters, contain at least 2 numbers, and contain at least 2 special characters.

Configuring the password complexity can be done within either the console or web administration tools. The setting is available on the Domain configuration screen under user login options/settings. Joins us for Part 2 when we discuss the Password Audit tool available in the IMail Utilities Pack.


Subscribe to Email Updates