#1
11-14-2008, 07:32 AM
Junior Member
Posts: 9
Show zimbra password policy when entering a new password

Hi everyone,

I was asking myself:

Is it possible to show the password policy when a user is asked to change his password?

For example I have set a CoS in which I make my users change their password every 60 days, and each new password requires an upper case, a lower case, a numeric, and 7 letters min.

As my users easily forget their minds, when they're asked to change, they never remember the policy...

Is it possible to show it on the "Change your password / login" page?

Thanks

Thibaut

#2
11-17-2008, 01:21 AM
Moderator
Posts: 7,911

Please vote for Bug 27194 - Bad error message when password too short and add that it would be useful if the password policy was shown to the user.

#3
11-17-2008, 04:47 AM
Junior Member
Posts: 9

Hi

Thanks for your guidance!

Regards,

Thibaut

#4
11-17-2008, 04:58 AM
Moderator
Posts: 927

I've thought about this one a number of times in the past, mainly when I'm frustrated by having to explain to the staff for the umpteenth time that their password needs upper and lower case and at least one number.

The problem though, is that if that information is displayed on the logon page, then it makes brute forcing the passwords a lot simpler.

If the login screen tells you that the password needs to be at least 8 chars long, then you know you don't need to brute force anything below this.

Of course, that's all moot if you have account lockout policies set, which pretty much removes the ability to brute force an account.

I don't know the answer to this one, but I think the client currently gives no information about the policy for security reasons.

#5
11-17-2008, 05:03 AM
Moderator
Posts: 7,911

How about when you set an expiration within a CoS it would email the user a predetermined number of days before explaining that the password will expire and what the policy for it is? Most of this information should be available via zmprov/SOAP so could be performed outside of the Admin GUI as well.
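
The reminder suggested in post #5, sketched as an added example (not code from the thread or from Zimbra): it parses `zmprov ga` output for the standard password attributes and builds the text to mail to the account owner, so the policy reaches the mailbox rather than the unauthenticated login page. The sample output, the account name and `warn_days` are constructed, and the timestamp format without fractional seconds is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `zmprov ga <account> <attrs...>` output (not real data).
SAMPLE_ZMPROV_OUTPUT = """\
# name thibaut@example.com
zimbraPasswordMaxAge: 60
zimbraPasswordMinLength: 7
zimbraPasswordMinLowerCaseChars: 1
zimbraPasswordMinNumericChars: 1
zimbraPasswordMinUpperCaseChars: 1
zimbraPasswordModifiedTime: 20081001073200Z
"""

RULES = [  # (attribute, wording used in the reminder)
    ("zimbraPasswordMinLength", "at least {} characters"),
    ("zimbraPasswordMinUpperCaseChars", "at least {} upper-case letter(s)"),
    ("zimbraPasswordMinLowerCaseChars", "at least {} lower-case letter(s)"),
    ("zimbraPasswordMinNumericChars", "at least {} digit(s)"),
    ("zimbraPasswordMinPunctuationChars", "at least {} punctuation character(s)"),
]

def parse_attrs(text):
    """Turn 'attr: value' lines into a dict, skipping the '# name' header."""
    attrs = {}
    for line in text.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs[key.strip()] = value.strip()
    return attrs

def days_until_expiry(attrs, now):
    """Days left before the password expires; None if no max age is set."""
    max_age = int(attrs.get("zimbraPasswordMaxAge", 0))
    if max_age == 0 or "zimbraPasswordModifiedTime" not in attrs:
        return None
    changed = datetime.strptime(attrs["zimbraPasswordModifiedTime"], "%Y%m%d%H%M%SZ")
    changed = changed.replace(tzinfo=timezone.utc)
    return (changed + timedelta(days=max_age) - now).days

def reminder(attrs, now, warn_days=7):
    """Return the reminder text, or None when expiry is not within warn_days."""
    left = days_until_expiry(attrs, now)
    if left is None or left < 0 or left > warn_days:
        return None
    rules = [text.format(attrs[a]) for a, text in RULES if int(attrs.get(a, 0)) > 0]
    return ("Your password expires in {} day(s). The new password needs:\n- {}"
            .format(left, "\n- ".join(rules)))
```

In a real deployment the text passed to `parse_attrs` would come from running `zmprov ga` for each account from a scheduled job, and the returned string would be handed to the mail system.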

#6
11-28-2008, 09:26 AM
Junior Member
Posts: 9

Maybe you should add this suggestion in the bugzilla?