Question about ChangePassword control

  • Thread starter Thread starter Evgeny
  • Start date Start date
E

Evgeny

Hello,
I use in ChangePassword web control. The control is connected with a
Membership provider that I also has defined.
Particularly, there is such property in the provider:
MinRequiredPasswordLength

As far as I understood this property should control automatically length of
of new password that was inputed by user in the control. But it didn't do
it. For example, I defined MinRequiredPasswordLength=3, but I succeed to
input and change password of any length. So what is expected behavior of the
control? How should I use this property and others such as
maxInvalidPasswordAttempts and so on?

Thank you

Evgeny
 
Hello,
I use in ChangePassword web control. The control is connected with a
Membership provider that I also has defined.
Particularly, there is such property in the provider:
MinRequiredPasswordLength

As far as I understood this property should control automatically length of
of new password that was inputed by user in the control. But it didn't do
it. For example, I defined MinRequiredPasswordLength=3, but I succeed to
input and change password of any length. So what is expected behavior of the
control? How should I use this property and others such as
maxInvalidPasswordAttempts and so on?

Thank you

Evgeny
Click to expand...

You will always be able to make passwords longer than what you have
set as the minimum. Were you able to set the password to less than
three characters?

Comment: A minimum password length of 3 would not be advisable. It
dramatically reduces the number of passwords possible (at that length)
and reduces an attacker's count of trial and error possibilities for
cracking your passwords (at that length).

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
 
Exactly. This is the problem.
Otis Mukinfus said:
You will always be able to make passwords longer than what you have
set as the minimum. Were you able to set the password to less than
three characters?

Comment: A minimum password length of 3 would not be advisable. It
dramatically reduces the number of passwords possible (at that length)
and reduces an attacker's count of trial and error possibilities for
cracking your passwords (at that length).

Otis Mukinfus
http://www.otismukinfus.com
http://www.tomchilders.com
Click to expand...
 
Back
Top