Wiki

Minimum password length

The minimum password length for the Limawi password policy is 14 characters. This length is set to ensure a minimum amount of entropy.

Entropy (zxcvbn library)

The strength of the password is estimated from the entropy an attacker would have to overcome to break it by brute force.

This entropy is then rated on a scale of 5 scores.

The scores are “Very Weak”, “Weak”, “Good”, “Strong” and “Very Strong”.

The score needed for the server to accept the password is at least “Good”.

Forbidden keywords

The password is also checked against a list of forbidden keywords.

These keywords are the most used passwords in the world, so an attacker is very likely to test them.

The forbidden keyword list in use is the one currently loaded with the zxcvbn library.

Conclusion

The passwords used on the Limawi servers have to observe the following rules:

  • Length of the password higher than 14 characters
  • Entropy score tested by the server equal to or higher than “Good”
  • The password doesn’t include forbidden keywords from the internal zxcvbn list

Prerequisite

On a device, you need a two-factor app that supports the TOTP protocol (Time-based One-Time Password algorithm).

Examples: Google Authenticator, Authy, FreeOTP Authenticator, Gauth, Authenticator and FreeOTP from F-Droid.

Set up the TOTP authentication application

To activate two-factor authentication, go to “Your profile”, “Security”, “two-factor Authentication” on the Limawi site.

Click the “Set up application” button. Type your password and confirm.

From the resulting page, get the QR code, or the text code, and enter it into the two-factor authentication app on your device.

To verify the settings, enter the code your device app gives in the “Application verification code” field and press “Verify and save” before the code expires (the expiration is visible in the device app).

The site should respond by displaying the recovery codes page.

Get recovery codes

Store these recovery codes carefully by printing or writing down all the recovery codes shown on this page. You may also use a password wallet for that (be careful about which application you choose). Each code is a single-use code. These recovery codes are meant for emergency access when your device is not available.

Once these codes are carefully stored, press “Save”.

Your two-factor authentication is set.

Connection with two-factor authentication

Fill in the connection form with your email and password and submit.

A new page appears asking for the two-factor authentication token.

If your device is available, use your device app to get the code and enter it in the field, then press “Verify”.

You are now connected.

If your device is not available, press “Can’t access your account?”, fill in the resulting field with one of your recovery codes, and press “Verify”.

You are now connected.

Once you use a recovery code, it cannot be used again. If you have used all your recovery codes, you should generate a new list by going to “Your profile”, “Security”, “two-factor Authentication” and pressing “Get new recovery codes”. Don’t forget to store these codes carefully.
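
The following Python is an added illustration, not part of the original wiki and not Limawi's implementation: it shows how a server can check the app code (why it expires and cannot be replayed) and why a recovery code works only once. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits) and recovery codes stored as SHA-256 digests; the function names, secret and recovery codes are constructed for the example.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults; the page does not state them

def hotp(key, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, now=None, digits=DIGITS):
    """Code the authenticator app shows at Unix time `now` for a base32 secret."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    now = time.time() if now is None else now
    return hotp(key, int(now) // STEP, digits)

def verify_totp(secret_b32, code, now=None, last_counter=-1, window=1):
    """Return the matched time-step counter, or None if the code is rejected.

    Accepts the current step plus `window` steps either side (clock drift) and
    rejects any step <= last_counter, so an already used code cannot be replayed."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    current = int(time.time() if now is None else now) // STEP
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        same = hmac.compare_digest(hotp(key, counter).encode(), code.encode())
        if same and counter > last_counter:
            matched = counter
    return matched

def use_recovery_code(stored_hashes, code):
    """Consume a single-use recovery code from a set of SHA-256 hex digests."""
    digest = hashlib.sha256(code.strip().encode()).hexdigest()
    if digest in stored_hashes:
        stored_hashes.discard(digest)  # single use: it can never match again
        return True
    return False

# Constructed sample data: the RFC 6238 test secret and two made-up recovery codes.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
RECOVERY = {hashlib.sha256(c.encode()).hexdigest() for c in ("k3v9-2mqa", "x7dd-p0wz")}

if __name__ == "__main__":
    print(totp(SECRET, now=59))                   # code shown by the app at t=59
    print(verify_totp(SECRET, "287082", now=149))  # same code, three steps later
```

The caller is expected to store the returned counter per user and pass it back as `last_counter` on the next login.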

You can use a MyCrypNet access as a simple tunnel. It won't be able to communicate with the other accesses in the MyCrypNet ...
If your device is lost or stolen, you have to act quickly to avoid anyone accessing your MyCrypNet network.
The MyCrypNet access delegation provides a way to share accesses with other users by creating a layer 3 network equivalent.
The MyCrypNet access delegation makes it possible to share accesses with other users to create a layer 3 network equivalent.
The MyCrypNet configurations offered on our site are suitable for the most common connection needs. But advanced users can ...
© 2019 Coppint Market Place Ltd, All rights reserved.