Password Policy Change in POA 5.5

The password policy has changed starting with POA 5.5.

Password Strength in POA 5.4

The current setting in Parallels for Password Strength is Medium.

The minimum length for a password is 6 characters of different types (uppercase and lowercase letters, numerics, special characters).

If there are only three different types of characters, the minimum length is 7.

If the password is word-based, or there are fewer than three different types of characters, the minimum length is 8.

The password must contain enough different characters; the number depends on the password class (more for a word-based password or a password with few different character types).

Note:

When calculating the number of character types, upper-case letters used as the first character and digits used as the last character of a password are not counted. For example, in the Medium-High level, the password 'Atu157!' will not work, because it starts with the upper-case 'A', but the password 'aTu157!' will pass the quality check.

Password Strength in POA 5.5

Conclusion

The new password strength setting adds one more symbol to the existing password strength in PA 5.4. We should recommend that customers use at least three different types of characters in their passwords. Using fewer than three character types requires a password length of at least 24 characters.

Note:

When calculating the number of character types, upper-case letters used as the first character and digits used as the last character of a password are not counted. For example, in the Medium-High level, the password 'Atu157!' will not work, because it starts with the upper-case 'A', but the password 'aTu157!' will pass the quality check.

Password Length / 5.4 / 5.5
6 characters or more / 4 different character types / Not allowed
7 characters or more / 3 different character types / 4 different character types
8 characters or more / 1 or 2 character types / 3 different character types

If a user wants to use only two types of characters in a password, the password length has to be 24 characters.

POA 5.5 does not allow users to have only one type of character in their password.
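
The following is an added example, not POA's own code: a Python pre-check that applies the length and character-type table above for 5.4 and 5.5, including the rule that a leading upper-case letter and a trailing digit are not counted. It assumes that any character that is not a letter or digit is a special character, and it does not model the word-based, repeated-sequence, common-sequence or personal-information checks.

```python
# Added example: models only the length / character-type rule from this page.
# Minimum length per number of counted character types (None = never accepted).
MIN_LENGTH = {
    "5.4": {1: 8, 2: 8, 3: 7, 4: 6},
    "5.5": {1: None, 2: 24, 3: 8, 4: 7},
}


def counted_types(password):
    """Count character types, skipping a leading upper-case letter and a trailing digit."""
    types = set()
    last = len(password) - 1
    for i, ch in enumerate(password):
        if ch.isupper():
            if i != 0:
                types.add("upper")
        elif ch.islower():
            types.add("lower")
        elif ch.isdigit():
            if i != last:
                types.add("digit")
        else:
            types.add("special")  # assumption: anything else is a special character
    return len(types)


def meets_length_rule(password, version="5.5"):
    """True if the password is long enough for its number of counted types."""
    n = max(counted_types(password), 1)  # e.g. "A1" counts zero types; treat as one
    required = MIN_LENGTH[version][n]
    return required is not None and len(password) >= required


if __name__ == "__main__":
    # Sample passwords taken from this page.
    for pw in ["Atu157!", "aTu157!", "123", "1q2w3e4r", "j" * 30, "1fish23."]:
        print(f"{pw!r:34} types={counted_types(pw)} "
              f"5.4={meets_length_rule(pw, '5.4')} 5.5={meets_length_rule(pw, '5.5')}")
```

A password that passes this rule can still be rejected by the other checks; '1fish23.' meets the 5.5 length rule here but appears on this page as rejected for being word-based.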

Generally, basing a password on a login name is not allowed, but if the rest of the password is still strong enough, the whole password will be accepted.

Examples of weak passwords and error messages

Weak passwords are listed below together with the messages displayed by POA:

• Password: 123

Message: The password is too short.

• Password: 1q2w3e4r

Message: Password of this length should contain more different character classes, like upper and lower case letters, numeric or special symbols. Passwords made of symbols of one character class are forbidden. Try making longer password or adding symbols of other types.

• Password: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj

Message: The password is too simple. Ensure that the password does not contain repeated character sequences. Add characters of different classes, like upper and lower case letters, numeric or special symbols.

• Password: 1fish23.

Message: The password is word-based but too short for pass phrase. Either do not use words in password, or make it longer with characters of different classes, like upper and lower case letters, numeric or special symbols.

• Password: iAmadmin12

Message: The password is based on personal information.

• Password: abc1234.

Message: The password is based on common sequence of characters and it is not looks like a pass phrase. Avoid using keyboard key sequences. Add characters of different classes, like upper and lower case letters, numeric or special symbols.

In order to avoid false positives, please:

1.  Use at least 9 characters in your password

2.  Use at least 3 different character types

3.  Don’t use an uppercase letter to start the password and don’t use a number to end the password