Password Strength

[Troy]

Since WHMCS is owned by cPanel can't you guys use the same algorithm for password strength? I have 90 set as a value in General Settings -> Minimum User Password Strength and 80 set for password strength in cPanel, and STILL there are passwords that will get through the WHMCS check but be rejected by cPanel.

It's driving users (and me) crazy! I'm going to push the WHMCS setting up to 95 or maybe 100, but with the same ownership of both products you would think matching values on both sides would do the trick.

[Troy]

Something as simple as MuFFin123# passes the WHMCS check set at 100, but fails cPanel set at 80.

[Kian]

The best advice I can give you is to use PreModuleCreate generate secure password and replace it with the one generated by WHMCS so that cPanel is happy.

[Troy]

The issue is clients wanting to change their passwords. WHMCS says their password is strong but then cPanel disallows it.

Maybe the password strength in the WHMCS settings are for system-generated passwords only? Still it doesn’t seem wise to show the user they are using a good secure password only to then inform them of a failure when they submit it. 

[Kian]

You can get rid of that thing too. Override that javascript with your one and trigger an alert when customers provide unsecure passwords (unsecure according to your logic of course).