Not Enforcing Strong Passwords

  • +ES

    (@evelynmsdesigngraphicscom)


    7 years, 11 months ago

    Hello+
    Prior to today I was very happy with how the free WordFence plugin functioned. I upgraded to version 6.2.8 yesterday, and prior to that the “Enforce strong Passwords?” set to “Force all members to use strong passwords” was set and was doing a fantastic job! Then I upgraded to the 6.2.8 version and today I have received 2 notices that 2 different new users are using “very easy” passwords! The first time I got that notice I went into my platform and double checked the settings (and they are set to what I stated above) and saved again. Then a few hours later a received another notice about a different user with the exact same “very easy” password issue! Please advise how to get the plugin to function as expected (and as it was prior to 6.2.8). Also, please advise how to now get these new users to change their passwords to something stronger!
    Thank you, +ES

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hello Evelyn,
    It could be that “Check password strength on profile update” option wasn’t enabled before, because that’s the option responsible for these alert emails, I’ve just tested “Enforce strong Passwords” option and I can confirm it’s working as it should, as the above link suggests, you should notify those users that their password does not meet your site password strength requirements.

    Thanks.

    Thread Starter +ES

    (@evelynmsdesigngraphicscom)

    Hello+

    Thank you for the quick response! Yes, that option was already checked prior to the update and was working perfectly. As stated, only after the update did I get the 1st alert and at that time I went in and verified that it was still checked (it was) and I re-saved (just to be certain) and then several hours later I got another alert about a different subscriber… That is when I reached out to the forum here….However, since you cannot duplicate the issue and are not receiving tons of similar complaints (I assume) then I understand there is not much you can do at this point on your end.

    I am worried that the system will allow these users to create new passwords but not force them to make them “very strong” since it previously (somehow) allowed them to make “very weak” passwords, and I do not want to harass my clients about recreating “very strong” passwords (until I stop receiving those alerts from the plugin about them being “very weak”) – do you understand my worries? Do you have any suggestions?

    Thanks,
    +ES

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Not Enforcing Strong Passwords’ is closed to new replies.