You can tell VPOP3 to enforce password strength checks by using a Lua script which performs the checks for you.
The Lua script can be edited in Settings → Scripts and is called passwordcheck.lua (in older versions of VPOP3 it is stored in a file called passwordcheck.lua in the VPOP3 directory). VPOP3 calls a function called Check which should have the following prototype:
Check(<username>, <password>, <min password length>)
(where '<min password length>' is the minimum length set in Settings → Security in the VPOP3 settings)
This function should return a boolean value to say whether the password is allowed or not (true = allowed, false = not allowed)
A simple example to prevent the password being the same as the username or 'password' would be:
function Check(Username, Password, minlength)
if Password == Username or Password == 'password' then
return false
else
return true
end
end
A more complex example is:
blockedWords = {"password", "letmein", "computer"}
minTypes = 3
function Check(Username, Password, minlength)
lowerPassword = string.lower(Password)
if Password == Username then
return false
end
for _, value in pairs(blockedWords) do
if lowerPassword == value then
return false
end
end
hasDigit = 0
hasCaps = 0
hasLower = 0
hasSpecial = 0
if string.find(Password, "%d") then
hasDigit = 1
end
if string.find(Password, "[A-Z]") then
hasCaps = 1
end
if string.find(Password, "[a-z]") then
hasLower = 1
end
if string.find(Password, "[^a-zA-Z0-9]") then
hasSpecial = 1
end
differentTypes = hasDigit + hasCaps + hasLower + hasSpecial
if differentTypes >= minTypes then
return true
else
return false
end
end
If you need, we can produce a script for you, but there would be a cost for this - contact support@pscs.co.uk with a specification for a quote. (The price is usually £50 + VAT for a simple case)