I noticed that my InterWorx control panel no longer lets me use a weak password for my email accounts, even when I change the password of an existing email account that already employs what is considered to be a weak password. Instead, it is requiring me to use what InterWorx detects is a “strong” password, but its opinion of “strong” doesn’t fit the norm used by other password strength detection algorithms found around the web.
Thus, I do not like this. Is there a way to disable it, or alternately to work around the limitation by changing the passwords via command line? If so, how do I go about doing either of these? I’d prefer the former rather than the latter, but I digress. Anything is better than being stuck having to use what InterWorx feels is a strong password.
Unfortunately, it seems as though InterWorx interpretation of a strong password is a “long” password, rather than a password that mixes case or uses numbers or symbols, as most strong password detection systems employ around the web.
Google implements a minimum 8-character password, and if your password has 8 lowercase letters it’s considered “WEAK”. Add a capital letter or a number and it’s usually “GOOD” though can be just “FAIR” (but still acceptable) if those letters and numbers are close together on the keyboard. Add both a capital letter and a number, or add a symbol to an otherwise lowercase password, and usually the password will come out as “STRONG”. There’s more to it than that, of course, but this sort of basic algorithm is expected these days, not the requirement of a ridiculously long password that’s often a pain to type when accessing email from mobile devices when passwords aren’t saved.
According to Google’s schemes, the 8-character password format that I’ve been using for my email accounts are indeed considered “STRONG” (though it’s actually just 7 lowercase letters and a number). Google is even said to have an API for use of their algorithm on other sites. Perhaps you might consider implementing it? http://www.codeproject.com/Articles/19245/Google-Password-Strength-API
If you’re going to require a strong password, at least consider implementing a strong password detection algorithm that lets 8 character passwords through so long as they have at least one number or special character. The current InterWorx strength scheme just doesn’t bode well for me. It is a rather annoying limitation.
Thanks for your response and consideration to improve the intelligence of the current algorithm in future InterWorx updates!