
This is an old revision of the document!


User Password Policy

This section of the Mystic BBS Configuration System allows the SysOp to configure rules for users creating passwords on a Mystic BBS. The password policy allows settings for minimum password length, number of required capital letters, numbers, and symbols.

Mystic can store passwords either as case-insensitive cleartext or as case-insensitive hashes produced with industry-standard methods for password storage. It is highly recommended to use password hashing and stop using cleartext passwords.

This example screen is from a Windows-based system and displays the standard 'out of the box' settings that ship with the default installation.

              █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ User Password Policy ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
              █                                                    █
              █  Minimum Length            │ 7                     █
              █  Minimum Capital Letters   │ 0                     █
              █  Minimum Numbers           │ 0                     █
              █  Minimum Symbols           │ 0                     █
              █  Maximum Password Attempts │ 3                     █
              █  Force Password Change     │ 0                     █
              █  Allow Password Inquiry    │ Yes                   █
              █  Allow Reset By E-mail     │ Yes                   █
              █  Password Storage Method   │ PBKDF2 SHA512 Hash    █
              █  PBKDF2 512-bit Iterations │ 1000                  █
              █                                                    █
              ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█
              

Minimum Length

The minimum length a password can be. It is highly recommended that the minimum password length be set to at least 7 characters.

Minimum Capital Letters

The minimum number of required capital letters in the password.

Minimum Numbers

The minimum number of required numbers in the password.

Minimum Symbols

The minimum number of required symbols in the password.

Maximum Password Attempts

The maximum number of attempts a user is allowed when entering a password.

Force Password Change

The number of days before a user is required to change their password. This looks at the 'Last PW Date' field found on page four (Statistics) of each individual user record.

Allow Password Inquiry

Allow the option for the user to contact the SysOp via BBS email after a failed login attempt.

Allow Reset By E-mail

Allow the option for the user to be sent a reset code by Internet email. (Requires sendmail functionality to be enabled.)

Password Storage Method

xx

PBKDF2 512-bit Iterations

xx
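
The following is an added example, not Mystic's own code: a Python sketch of how the composition rules and the case-insensitive PBKDF2 SHA512 storage described on this page interact. The class and function names, the 16-byte salt, upper-casing as the case fold, and ASCII punctuation as the definition of a symbol are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

@dataclass
class PasswordPolicy:
    # Defaults mirror the example screen on this page.
    min_length: int = 7
    min_capitals: int = 0
    min_numbers: int = 0
    min_symbols: int = 0
    iterations: int = 1000

def policy_violations(password, policy):
    """Return a list of unmet rules; an empty list means the password is accepted."""
    checks = [
        ("Minimum Length", len(password), policy.min_length),
        ("Minimum Capital Letters", sum(c.isupper() for c in password), policy.min_capitals),
        ("Minimum Numbers", sum(c.isdigit() for c in password), policy.min_numbers),
        # Assumption: "symbol" means ASCII punctuation.
        ("Minimum Symbols", sum(c in string.punctuation for c in password), policy.min_symbols),
    ]
    return [f"{name}: need {need}, got {got}" for name, got, need in checks if got < need]

def hash_password(password, policy, salt=None):
    """PBKDF2-HMAC-SHA512 over the case-folded password; returns (salt, 64-byte digest)."""
    if salt is None:
        salt = os.urandom(16)  # assumption: 16-byte random per-user salt
    # Assumption: case-insensitive storage is modelled by upper-casing first.
    folded = password.upper().encode("utf-8")
    return salt, hashlib.pbkdf2_hmac("sha512", folded, salt, policy.iterations)

def verify_password(candidate, salt, expected, policy):
    """Recompute the hash and compare in constant time."""
    _, digest = hash_password(candidate, policy, salt)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    policy = PasswordPolicy(min_capitals=1, min_numbers=1, min_symbols=1)
    print(policy_violations("secret", policy))       # constructed sample input
    salt, stored = hash_password("Secret#42", policy)
    # The capital letter satisfied the policy but is not needed to log in:
    print(verify_password("secret#42", salt, stored, policy))
```

Because storage is case insensitive, a required capital letter adds nothing to the strength of the stored hash, so length, numbers and symbols carry the policy. The iteration count is the work an attacker pays per guess against a stolen hash; current OWASP guidance for PBKDF2-HMAC-SHA512 is 210,000 iterations.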

config_user_password_policy.1545855875.txt.gz · Last modified: 2018/12/26 14:24 by avon
