Enforcing Strong Passwords
==========================

Ensuring that users create strong passwords is crucial to ensuring the
security of InterWorx. From the Settings page in NodeWorx, system administrators are able to set a 
required password strength for the accounts and users on their server.

.. contents::

Accounts Subject to the Required Password Strength
--------------------------------------------------

- NodeWorx users
- SiteWorx users
- SiteWorx FTP accounts
- SiteWorx mailboxes
- Shell user passwords
- MySQL root password
- SiteWorx MySQL users

Generally, if it is a password that is configured from within the
InterWorx control panel, InterWorx can enforce the password policy.

.. warning::

   The required password strength policy does not, and cannot, enforce password
   strength on third-party software, such as WordPress.

The Password Strength Levels
----------------------------

- **Weak**: At least 7 characters
- **Medium**: At least 7 characters with uppercase/lowercase mix OR at least
  12 characters
- **Strong**: At least 7 characters with uppercase/lowercase mix that contains
  at least one number OR at least 12 characters with at least one number
- **Very Strong**: At least 12 characters with uppercase/lowercase mix that
  contains a number or special character (!,@,#,$,%,^,&,*,?,_,~,-,£,(,))

.. note::

   Common passwords are also blocked from use. For a list of blocked common
   passwords see ``/home/interworx/lib/dict/commonpasswords``


To Set A Required Password Strength
-----------------------------------

#. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)
#. In NodeWorx navigate to **Server > Settings**
#. Under Password Options, select **the desired password strength** from the Required Password Strength 
   dropdown

   .. image:: /images/nw-password-options.png
      :alt: The Password Options section of the Settings page

#. Click **Save**