Idea ID: 2874009

[CMX/C10] Difficult-to-hack "passphrases" require improvements to current password complexity rules

Status: Needs Clarification

Steve, we need some more details.  Let's discuss and update here.


Current C10 password complexity rules require 1 uppercase letter, 1 number, 1 special character, and 8 - 20 characters in length.

By contrast, "passphrases" (often, short sentences) are frequently 30+ characters long, always include spaces, and rarely include numbers.

Example:

This meaningless passphrase, "Probing whomever doornail abruptly coast.", is arguably quite difficult to break. But under the current C10 password rules it is illegal because it is too long, it contains spaces, and it does not include a number.

So this enhancement request is that C10 password complexity rules be improved to support passphrases which:

  • Require no less than 10 characters

  • Allow up to 50 characters

  • Support embedded spaces

  • Require 1 uppercase letter, 1 special character

  • And preferably, not require a number

Ref. https://www.useapassphrase.com/ - "Random passphrases provide the best combination of memorability and security."

  • As clarified in a recent meeting, this improvement would need to be configurable at the Partner and Customer levels and allow for passphrases (which are longer than 10 characters, include spaces, and don't require any digits).
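
The two rule sets described in this request, side by side, as an added example that is not C10 code or part of the original idea. The names Policy, violations and effective_policy are hypothetical, and both the definition of "special character" and the Customer-over-Partner precedence are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Policy:
    min_len: int
    max_len: int
    allow_spaces: bool
    require_digit: bool
    require_upper: bool = True
    require_special: bool = True

# Values as stated in the request; the class and field names are hypothetical.
CURRENT = Policy(min_len=8, max_len=20, allow_spaces=False, require_digit=True)
PROPOSED = Policy(min_len=10, max_len=50, allow_spaces=True, require_digit=False)

def violations(secret: str, policy: Policy) -> List[str]:
    """Return every rule the secret breaks, so a user sees all problems at once."""
    problems = []
    if len(secret) < policy.min_len:
        problems.append("too short")
    if len(secret) > policy.max_len:
        problems.append("too long")
    if not policy.allow_spaces and " " in secret:
        problems.append("contains spaces")
    if policy.require_upper and not any(c.isupper() for c in secret):
        problems.append("no uppercase letter")
    if policy.require_digit and not any(c.isdigit() for c in secret):
        problems.append("no number")
    # Assumption: "special" means any character that is not a letter, digit or space.
    if policy.require_special and all(c.isalnum() or c.isspace() for c in secret):
        problems.append("no special character")
    return problems

def effective_policy(partner: Policy, customer: Optional[Policy] = None) -> Policy:
    """Assumed precedence: a Customer-level policy, when set, overrides the Partner's."""
    return customer if customer is not None else partner

PAGE_EXAMPLE = "Probing whomever doornail abruptly coast."  # from the request
SAMPLES = [PAGE_EXAMPLE, "Passw0rd!", "correct horse battery staple"]  # last two constructed

if __name__ == "__main__":
    for name, policy in (("current", CURRENT), ("proposed", PROPOSED)):
        for s in SAMPLES:
            print(f"{name:8} {s!r:45} {violations(s, policy) or 'accepted'}")
```

The constructed sample "Passw0rd!" is accepted by the current rules and rejected by the proposed ones only for being under 10 characters, while the request's own passphrase moves from three violations to none.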