How to change strong password policy in ASP.NET

[jake]

Hi.
I am building web apps in visual web developer 2005 express and SQL
2005 express. Users have complained about the strong password policy,
so I would like to change it to somthing like at least 5 letters and 1
number. Thanks for the help in advance.
-Jake

 

[Juan T. Llibre]

By default, the ASP.NET membership providers enforce strong passwords.

For example, the SqlMembershipProvider ensures that passwords are at
least seven characters in length with at least one non-alphanumeric character.

You should ensure that your membership provider configuration
enforces passwords of at least this strength, for maximum security.

If you want to lessen the password complexity rules enforced by your provider,
you can set the following additional attributes in the providers section of your
<membership defaultProvider...> element of web.config :

minRequiredPasswordLength
The default is 7.

minRequiredNonalphanumericCharacters
The default is 1.

See :
http://msdn2.microsoft.com/en-us/li...ity.membership.minrequiredpasswordlength.aspx

Why you would do that is beyond me, though.
I would *never* lessen the security of my ASP.NET apps.



Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================