Minimum password length
The minimum password length for the Limawi password policy is 14 characters. This length is set to ensure a minimum of entropy.
Entropy (zxcvbn library)
The strength of the password is calculated by the entropy needed to break it in brute force. This entropy is then evaluated on 5 scores. These scores are composed of “Very Weak, Weak, Good, Strong, Very Strong”. The score needed for the server to accept the password is at least “Good”.
The password is also checked against a list of forbidden keywords. These keywords are the most used passwords in the world, they are very likely tested by an attacker. The current forbidden keywords list is the one currently loaded with the zxcvbn library.
The passwords used on the Limawi servers have to observe the following rules:
- Length of the password higher than 14 characters
- Entropy tested by the server higher or same as “Good”
- The password doesn’t include forbidden keywords as those of the internal zxcvbn list
Create your secure network