Using v1.90, I can't seem to enforce password strength amongst my customers. A customer can register with a password containing as little as one character.
I see where the StoreMembershipProvider seems to set minRequiredPasswordLength to '7' and minRequiredNonalphanumericCharacters to '1', but these don't seem to be reflected in the membership provider in the web.config.
Is there a setting I'm missing to enable this?
Password Strength
MVP
青铜解决方案合作伙伴
- 2898
- 23165
- 2010/1/8
- United States
what exactly you're trying to do ?
Are you trying to make changes in the password strength or requirements?
You can add a password strength meter which is more user-friendly.
Here is the tutorial along with the code: http://www.strivingprogrammers.com/Blog/post/Lavish-Kumar/29/Steps-to-add-password-strength-meter-in-nopCommerce-3-30-register-page/
Are you trying to make changes in the password strength or requirements?
You can add a password strength meter which is more user-friendly.
Here is the tutorial along with the code: http://www.strivingprogrammers.com/Blog/post/Lavish-Kumar/29/Steps-to-add-password-strength-meter-in-nopCommerce-3-30-register-page/
- 2
- 10
- 2010/7/7
- United States
The problem I'm having is that there don't seem to be any password strength requirements enforced.
Even registering via the demo site at demo.nopcommerce.com, I can register as a user with a single character password. This doesn't comply with our business requirements, so I need to configure the application to require a strong password.
I see where it seems to be set in the code, but just doesn't seem to be required when the user actually registers.
I considered implementing the strength meter as was shown in the example you referenced, but unfortunately this is still outside of our security requirements. The meter will tell the user that they're selecting a poor password, but the app will still allow it to be selected.
Is there any way to require a strong password?
Even registering via the demo site at demo.nopcommerce.com, I can register as a user with a single character password. This doesn't comply with our business requirements, so I need to configure the application to require a strong password.
I see where it seems to be set in the code, but just doesn't seem to be required when the user actually registers.
I considered implementing the strength meter as was shown in the example you referenced, but unfortunately this is still outside of our security requirements. The meter will tell the user that they're selecting a poor password, but the app will still allow it to be selected.
Is there any way to require a strong password?
