Meshcentral: mechcentral login user password complexity requirements

You are right. Is there an industry standard for password complexity someone can point to? I would love to be able to point to a document and say MeshCentral complies with some spec on this. If not, let me know what you have in mind for how a definition would work. - Thanks.

The idea is that when we first log in meshcentral and create an administrator account, the password must meet the complexity requirements (for example, at least one uppercase letter and @ # *! Special characters, not less than 8 bits in length). otherwise，the administrators can enable or disable password complexity requirements when creating regular users.

It's just my ideas, just for reference. Thanks so much.

Billy.adu

There is a good RegXxp example to validate password strength.
https://www.thepolyglotdeveloper.com/2015/05/use-regex-to-test-password-strength-in-javascript/

var strongRegex = new RegExp("^(?=.[a-z])(?=.[A-Z])(?=.[0-9])(?=.[!@#\$%\^&*])(?=.{8,})");
var mediumRegex = new RegExp("^(((?=.[a-z])(?=.[A-Z]))|((?=.[a-z])(?=.[0-9]))|((?=.[A-Z])(?=.[0-9])))(?=.{6,})");

Regards,

Joko

Just published MeshCentral v0.2.4-z with a new password requirement system. In the config.json file, you can set "PasswordRequirements" for the default domain and any other domains you have, here is the syntax:

  "domains": {
    "": {
      "Title": "MyServer",
      "PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1 }
    }

You can set these values anyway you like, max is ignored passed 256. This will cause added password validation on the web pages and server. Hope it helps.

Very helpful. Thanks, Ylianst