default password requirements

Topics brought up by the TimeTrex open source community.
Post Reply
jarrett125
Posts: 125
Joined: Tue Aug 23, 2016 11:44 am

default password requirements

Post by jarrett125 » Tue Sep 06, 2016 12:50 pm

timetrex version 9.1.3

i was wondering what the default password requirements are with the free community edition because i have seen when i enter a password of 12345 it works but asdf12 and neither does !Qa12 work but !@QWas12 works. I'm not sure what the requirements the program is specifically looking for by default or how to change it any help on this would be greatly appreciated.

shaunw
Posts: 7353
Joined: Tue Sep 19, 2006 2:22 pm

Re: default password requirements

Post by shaunw » Tue Sep 06, 2016 3:02 pm

TimeTrex is looking for moderately strong passwords, of which the length and number of unique characters/numbers/symbols is the primary factor.

So !Qa12 would be too short, but if you added just a couple more characters it should work fine. Numbers are scored higher than letters, so thats why 12345 is accepted, although in the next major release of TimeTrex we will be increasing the minimum password strength requirement slightly to prevent simple passwords (ie: 12345, abcdef), or long dictionary words (ie: superabundant) from being accepted.

It will still typically allow passwords with numbers and letters like: john902 though, as long as the number of unique characters/numbers is sufficient.

jarrett125
Posts: 125
Joined: Tue Aug 23, 2016 11:44 am

Re: default password requirements

Post by jarrett125 » Wed Sep 07, 2016 5:34 am

would a 3 letter and 3 number password continue to work after update.

shaunw
Posts: 7353
Joined: Tue Sep 19, 2006 2:22 pm

Re: default password requirements

Post by shaunw » Wed Sep 07, 2016 9:00 am

Existing passwords will always continue to work, its just if the password is ever changed or a new employee is added when the higher requirements will be enforced.

royalpublishing
Posts: 11
Joined: Mon Nov 30, 2015 3:30 pm

Re: default password requirements

Post by royalpublishing » Mon Sep 19, 2016 10:13 am

I am on Timetrex Community Edition v9.13 and I am attempting to import users via the API and since I am on the Community Edition, it doesn't appear you can edit the password length parameter in any way. We do have a decent password policy in place, however, our current password policy only requires a minimum of 6 characters and TT appears to require more so the API call fails. Any way to adjust this setting to make this work?

jarrett125
Posts: 125
Joined: Tue Aug 23, 2016 11:44 am

Re: default password requirements

Post by jarrett125 » Wed Sep 28, 2016 12:56 pm

what we have done was enforce a 2222 password requirements 2 upper case 2 lower case 2 numbers 2 special characters it's the only thing I have seen that no matter what the password is it will always work from previous talks the password requirements are only going to increase. what we do is have new people sign up on a spreadsheet fill out their information import that file under employee / employees tab then on the far right take the excel spreadsheet save it as a CSV file and import it makes life a little bit easier on a small scale we currently have around 200+ accounts.

Post Reply