minRequiredPasswordLength < 10 not working in 7.7.2
Hi,
I started using Umbraco Version 7.7 (actually 7.7.2), but I am not able to reduce the minRequiredPasswordLength from 10 to 9 characters, as I did in the pre-7.7 area. I did make the change in the web.config, but I cannot set my 9 character password in the back-office, as it gives me an error that it is not 10 or more characters.
I use a (simple) algorithm to generate a password for all my work, including the Umbraco developments, and that results in a 9 character password.
So is this a bug, or should I find another algorithm for my post-7.7 Umbraco sites?
Is yours a new install or is it from an upgrade? Works fine for me on a new install.
Whilst this does seem like a bug, I have to question why you are specifically using or requiring passwords of 9 characters in length? With all the password managers available these days, like LastPass, 1Password and such why you are not using much more secure passwords.. 9 characters really isn't a difficult amount to crack, it could be done in 5 days or less to a determined attacker with average processing power.
Sorry to take this off topic, and I hope you don't find me rude. I am just curious as to your thinking behind some 9 character password usage you have going on.
off topic --
Regarding "using or requiring passwords of 9 characters in length? "
As said, I use a (simple) algorithm to generate a password for all my work.
That (most of the time) results in a 9 character password
As I often am at clients (or friends), I don't always have LastPass at hand...
Hence my algorithm...
I now just have to remember that for Umbraco, I need a 10 character pw...
- off topic --
I just installed a clean installation of Umbraco 7.10.1 via Nuget. Without modifying anything the installation dialog states that the password should be at least 10 characters long.
So I edited the web.config's "UsersMembershipProvider" to the following:
Marco, have you tried actually updating the password in backoffice after changing the setting? I haven't tested it on 7.10.1 myself, but on 7.7.4 it wouldn't accept anything shorter than 10 characters even though the UI stated something else.
Like Christian says, I changed the length for an existing project and changing the password in the backoffice still tells me that the password has to be 10 characters.
So it might work for the password when installing, but the backend doesn't seem to care about this setting.
I've been doing some tests on my local machine with clean Umbraco installations. Both version 7.7.4 and 7.10.4.
In both cases everything seems to be working just fine. I set minRequiredPasswordLength="5" and I was able to set a password of 5 characters on either version.
Besides that, I can't really find reported issues on Github or Umbraco issue tracker regarding your issue.
Really all I did was
install clean Umbraco.
Updated web.config setting to minRequiredPasswordLength="5"
Re-run application from VS (ctrl+F5)
Update password for my user in user section to 5 character password
Hi Marco,
Thanks for your efforts.
I tried on V8.6.1, but with the same result:
At step 4 - Update password for my user in user section to 5 character password.
The system says: minimum password length 10 characters...
minRequiredPasswordLength < 10 not working in 7.7.2
Hi,
I started using Umbraco Version 7.7 (actually 7.7.2), but I am not able to reduce the minRequiredPasswordLength from 10 to 9 characters, as I did in the pre-7.7 area. I did make the change in the web.config, but I cannot set my 9 character password in the back-office, as it gives me an error that it is not 10 or more characters.
I use a (simple) algorithm to generate a password for all my work, including the Umbraco developments, and that results in a 9 character password.
So is this a bug, or should I find another algorithm for my post-7.7 Umbraco sites?
Thanks,
Daniel
Experiencing the same in Umbraco 7.7.4, when i tried changed the minRequiredPasswordLength to 8 the backoffice still demands a length of minimum 10.
Is yours a new install or is it from an upgrade? Works fine for me on a new install.
Whilst this does seem like a bug, I have to question why you are specifically using or requiring passwords of 9 characters in length? With all the password managers available these days, like LastPass, 1Password and such why you are not using much more secure passwords.. 9 characters really isn't a difficult amount to crack, it could be done in 5 days or less to a determined attacker with average processing power.
Sorry to take this off topic, and I hope you don't find me rude. I am just curious as to your thinking behind some 9 character password usage you have going on.
For me, it is on a brand new 7.7.4 installation.
It's on a new installation as well.
As said, I use a (simple) algorithm to generate a password for all my work. That (most of the time) results in a 9 character password As I often am at clients (or friends), I don't always have LastPass at hand... Hence my algorithm...
I now just have to remember that for Umbraco, I need a 10 character pw... - off topic --
Is this still an issue? I am running 7.10.1, but can't set a password shorter than 10 characters
Should should really be fixed, so that changing minRequiredPasswordLength actually works :/
Hi Limberg,
I just installed a clean installation of Umbraco 7.10.1 via Nuget. Without modifying anything the installation dialog states that the password should be at least 10 characters long.
So I edited the web.config's "UsersMembershipProvider" to the following:
I rebuild the project and run it and now the installation dialog says that the password should be at least 9 characters long.
Could you please verify your settings in web.config? Perhaps you should try to rebuild and/or restart IIS Express.
Marco, have you tried actually updating the password in backoffice after changing the setting? I haven't tested it on 7.10.1 myself, but on 7.7.4 it wouldn't accept anything shorter than 10 characters even though the UI stated something else.
Like Christian says, I changed the length for an existing project and changing the password in the backoffice still tells me that the password has to be 10 characters.
So it might work for the password when installing, but the backend doesn't seem to care about this setting.
Hi Limberg and Christian,
I've been doing some tests on my local machine with clean Umbraco installations. Both version 7.7.4 and 7.10.4.
In both cases everything seems to be working just fine. I set minRequiredPasswordLength="5" and I was able to set a password of 5 characters on either version.
Besides that, I can't really find reported issues on Github or Umbraco issue tracker regarding your issue.
Really all I did was
Hi Marco, Thanks for your efforts. I tried on V8.6.1, but with the same result: At step 4 - Update password for my user in user section to 5 character password. The system says: minimum password length 10 characters...
is working on a reply...