1. cPanel & WHM Documentation
  2. WHM
  3. Security Center
  4. Password Strength Configuration
passwords security

Password Strength Configuration

Valid for versions 94 through the latest version

Version:

94

Last modified: June 13, 2024

Looking for this interface?
Note:

Your hosting provider can enable or disable this interface for resellers in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).

Overview

This interface allows you to define minimum strengths for passwords for all of cPanel & WHM’s features that require password authentication. The system rates password strength on a scale of zero to 100, where 100 represents a very strong password. When you set a minimum password strength, the system automatically rounds this value up to the nearest increment of 5.

To learn about how cPanel & WHM determines password strength, read our How to Determine Password Strength documentation.

Distributed cPanel accounts

For distributed cPanel accounts, the parent node controls password strength requirements for the account’s main password, as well as any services that run on the parent node. Child nodes control other passwords.

For accounts with distributed mail, the mail child node controls the Email and Mailing List password strength settings.

How to set minimum password strengths

Warning:
  • Users with shell access can bypass these requirements with the passwd command.
  • By default, any changes you make in this interface only apply to new accounts. To enforce a new password strength requirement for existing accounts, you must enable the Password Strength setting in WHM’s Configure Security Policies interface (WHM » Home » Security Center » Configure Security Policies).

To set the minimum password strengths, perform the following steps:

  1. To specify the default minimum password strength for features that you set to Default, use the Default Required Password Strength slider or enter a number between 0 and 100 in the appropriate text box.
    Note:

    If you use the Default Required Password Strength setting, we recommend that you set its value to 40 or greater.

  2. To configure a minimum required password strength for a specific feature, use that feature’s slider to specify its minimum password strength, or enter a number between 0 and 100 in the text box.
  3. Click Save to save your changes.

Additional Documentation