39567: What is MassTransit Password Complexity?

Translate to:

Applies to:

Question:

What is MassTransit Password Complexity?

For information about password complexity in MassTransit 7, please refer to Introduction page of the Web Client User Guide or to the Contacts page of the Server Configuration Guide.

Answer:

MassTransit 5.1 introduces an optional new feature that requires web and application client contact users to maintain passwords that meet certain complexity requirements. A weak password is one of the most common ways for a malicious attacker to compromise an account. This feature ensures that passwords are more difficult for automated systems to decrypt and for unauthorized users to guess.

Password Guidelines

MassTransit's Password Complexity feature requires that passwords meet the following guidelines. The password must meet the following requirements:

  • At least 6 characters long
  • Contains one English character, number, and non-alphanumeric character. Supported characters are as follows: !\"#$%&'()*+,-./:;<=>?@[\\]^_'{|}~
  • Does not match or contain the contact name or the login name

For example, if user Jane Doe (with login name jane) is changing her password, and Password Complexity is being enforced, the following password examples will not meet the requirements, and therefore cannot be used:

  • password -- Password does not contain a number or non-alphanumeric password.
  • janedoe1! -- Password contains both the Username and Login Name.
  • 12a$ -- Password is less than 6 characters long.

Good examples of strong passwords are as follows:

  • 4pRte!ai@3 -- not a dictionary word, has both cases of alpha, plus numeric, and non-alphanumeric characters
  • 0@u2to0mo9b!19le64 -- A word "automobile" with numbers mixed throughout and random non-alphanumeric characters

Note: These passwords are no longer strong passwords and should not be used as they have been published.

When users change their passwords, the new password must meet the complexity requirements. They will be provided with a error message describing the requirements if the password they select is not complex enough.

Configuring Password Complexity

Password Complexity is enabled within MassTransit by default. New web or application client contacts, users changing existing passwords, or users with expired passwords will immediately be subjected to the new requirements upon installing or upgrading MassTransit to version 5.1 or later.

Password Complexity can be disabled globally by editing the MassTransit.cfg file, located in the root of your installation directory. (Generally, C:\Program Files\Group Logic\MassTransit Server 5 for Mass Transit 5.x and C:\Program Files\Group Logic\MassTransit Server 6 for Mass Transit 6.x on Windows and Macintosh HD:Applications:MassTransit Server 5 for Mass Transit 5.x and  HD:Applications:MassTransit Server 6 for Mass Transit 6.x on Macintosh.)

Setting the ENFORCE_PASSWORD_COMPLEXITY value to FALSE will disable Password Complexity. Commenting this value out, or, setting it to TRUE will enable Password Complexity. Any other values will result in Password Complexity being enabled.

Passwords in place before upgrading to MassTransit versions 5.1 and later will remain weak until they are changed by the user or administrator.

Tags: 

You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
2 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.