Password Strength Checking Script

You can tell VPOP3 to enforce password strength checks by using a Lua script which performs the checks for you.

The Lua script can be edited in Settings → Scripts and is called passwordcheck.lua (in older versions of VPOP3 it is stored in a file called passwordcheck.lua in the VPOP3 directory). VPOP3 calls a function called Check which should have the following prototype:

Check(<username>, <password>, <min password length>)

(where '<min password length>' is the minimum length set in Settings → Security in the VPOP3 settings)

This function should return a boolean value to say whether the password is allowed or not (true = allowed, false = not allowed)

A simple example to prevent the password being the same as the username or 'password' would be:

function Check(Username, Password, minlength)
 if Password == Username or Password == 'password' then
  return false
 else
  return true
 end
end

A more complex example is:

blockedWords = {"password", "letmein", "computer"}
minTypes = 3

function Check(Username, Password, minlength)
 lowerPassword = string.lower(Password)
 if Password == Username then
     return false
 end

  for _, value in pairs(blockedWords) do
    if lowerPassword == value then
      return false
    end
  end

 hasDigit = 0
 hasCaps = 0
 hasLower = 0
 hasSpecial = 0
 if string.find(Password, "%d") then
    hasDigit = 1
 end
 if string.find(Password, "[A-Z]") then
    hasCaps = 1
 end
 if string.find(Password, "[a-z]") then
     hasLower = 1
 end
 if string.find(Password, "[^a-zA-Z0-9]") then
     hasSpecial = 1
 end
 differentTypes = hasDigit + hasCaps + hasLower + hasSpecial
 
 if differentTypes >= minTypes then
     return true
 else
     return false
 end
end

If you need, we can produce a script for you, but there would be a cost for this - contact support@pscs.co.uk with a specification for a quote. (The price is usually £50 + VAT for a simple case)