Password strength is a measure of a password’s resistance against guessing or brute-force attacks. The strength of a password depends on its length, complexity, and unpredictability. You can make your server more resistant to brute-force attacks by changing the default password strength policy.
When configuring the password strength policy in Plesk, you can choose from five password strength levels, ranging from “Very weak” to “Very strong”. Changing the password strength policy to a stricter one increases the minimum password length, and also makes it mandatory to use different types of characters in passwords (upper- and lowercase characters, digits, and special characters). Whenever a Plesk user sets a new password or changes an existing one, they are required to adjust the password until it meets the requirements of the password strength policy currently in effect.
By default, the password strength policy is set to “Strong”. Strong passwords in Plesk must contain at least all of the following:
- Eight characters.
- One upper- or lowercase character.
- Three numbers and one special character (!, @, #, $, %, ^, &, *, ?, _, ~) or one number and two special characters.
The password strength policy is applied to the following Plesk passwords:
- Passwords used to log in to Plesk.
- Subscription system users’ passwords.
- Database users’ passwords.
- Mailbox passwords.
To change the password strength policy for Plesk users:
Go to Tools & Settings > Security Policy (under “Security”), and then scroll down to the “Password strength” section.
Under “Minimum password strength”, select the radio button corresponding to the desired password strength policy.