Mailcow-dockerized: Password generator ignoring password policy

Created on 17 Jan 2019  路  4Comments  路  Source: mailcow/mailcow-dockerized

Not sure if this is a bug or a feature request tbh, but if you manually change the password policy, the password generator for new accounts ignores those policies, thus generates invalid passwords.

bug enhancement
Source
picture DatAres37

Most helpful comment

BTW: Would be nice to have xkdcpass as an option for those autogenerated passwords
https://github.com/redacted/XKCD-password-generator

for "every day use" i like something like
xkcdpass -v [a-z,A-Z] --max=8 -w /usr/share/dict/words -n 4

picture Adorfer on 23 Jan 2019
👍32

All 4 comments

Oh. That's a good catch.

andryyy picture andryyy on 17 Jan 2019

BTW: Would be nice to have xkdcpass as an option for those autogenerated passwords
https://github.com/redacted/XKCD-password-generator

for "every day use" i like something like
xkcdpass -v [a-z,A-Z] --max=8 -w /usr/share/dict/words -n 4

Adorfer picture Adorfer on 23 Jan 2019
👍32

Also, the default generator is very insecure 8 lowercase letters + 2 numbers.

JPaulMora picture JPaulMora on 25 Sep 2019

Not really. You gain nothing with unreadable passwords with a length of 16 chars. People will write them down or save them in a passwords.txt.

I learned it is much better to create easy-to-remember default passwords. You can always change the policy in vars.inc.php (or better vars.local.inc.php) or generate super long, special char passwords yourself.

andryyy picture andryyy on 25 Sep 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

damdinsharav picture damdinsharav  路  3Comments
patrick7 picture patrick7  路  3Comments
GalacticLion7 picture GalacticLion7  路  3Comments
bonanza123 picture bonanza123  路  3Comments
K2rool picture K2rool  路  3Comments