Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 6 of 6

Thread: Changing to Stronger Password for Customers

  1. 03-02-2010, 05:52 AM #1
    Emissary is offline Member
    Join Date
    Sep 2008
    Location
    Florida
    Posts
    60

    Default Changing to Stronger Password for Customers

    Currently our sites do not enforce strong passwords for customers. I would like to understand how I can make this change and also what is the "net" effect of this change when customers currently do not have strong passwords. Will it be forced upon them to change the next time they sign in?

    Thanks!
  2. 03-02-2010, 06:38 AM #2
    Mike The Last Boyscout is offline User
    Join Date
    Nov 2008
    Posts
    254

    Default

    You can set the 'UseStrongPwd' AppConfig to true and customers will have to meet the same password standards as admin users. There is no effect on existing customer account until the next time they need to reset their password. If you want all customers to have to do so you could set the PasswordChangeRequired column to 1 for all customers in the Customer table, but I imagine a lot of customers won't be happy with that.
    Last edited by Mike The Last Boyscout; 03-02-2010 at 06:56 AM.
  3. 03-02-2010, 06:51 AM #3
    VibeCommerce is offline Member
    Join Date
    Dec 2006
    Location
    Grandville, MI
    Posts
    63

    Default

    Yes, certainly you know your customer and industry better than many of us, but forcing a customer to have a strong password... make sure that the positives outweigh the negatives on this one

    As a customer of online retail, it would drive me crazy to have a strong password required.
    Chris McKellar
    Vibe Commerce
    AspDotNetStoreFront DevNet Partner
    AspDotNetStoreFront Add Ons
    AspDotNetStoreFront Customization
  4. 03-02-2010, 06:57 AM #4
    Emissary is offline Member
    Join Date
    Sep 2008
    Location
    Florida
    Posts
    60

    Default Thanks All

    I do appreciate the great feedback. And you are both right that enforcing strong passwords for customers is something to carefully consider before implementing it for lots of reasons.
    Thanks again.
  5. 03-02-2010, 07:22 AM #5
    Emissary is offline Member
    Join Date
    Sep 2008
    Location
    Florida
    Posts
    60

    Default One other question about this.

    I noticed on the CreateAccount and Account.aspx pages, next to password is says "(at least 5 chars long)". Does this change once I turn on strong passwords for customers? Or do I need to manually update it to display some other text, more appropriate here?
  6. 03-02-2010, 08:15 AM #6
    Mike The Last Boyscout is offline User
    Join Date
    Nov 2008
    Posts
    254

    Default

    That would need to be manually updated, but can be done via a String Resource