MassTransit requires web contacts to maintain passwords that meet certain complexity requirements. A weak password is one of the most common ways for a malicious attacker to compromise an account. This feature ensures that passwords are more difficult for automated systems to decrypt and for unauthorized users to guess.
Password Guidelines
MassTransit’s Password Complexity feature requires that passwords meet the following guidelines. The password must meet the following requirements:
For example, if user Jane Doe (with login name jane) is changing her password, and Password Complexity is being enforced, the following password examples will not meet the requirements, and therefore cannot be used:
Good examples of strong passwords are as follows:
Note: These passwords are no longer strong passwords and should not be used as they have been published.
When users change their passwords, the new password must meet the complexity requirements. They will be provided with an error message describing the requirements if the password they select is not complex enough.
Configuring Password Complexity
Password Complexity is enabled by default. New web contacts, users changing existing passwords, or users with expired passwords will immediately be subjected to the new requirements upon installing MassTransit.
The Password Complexity can only be disabled globally, not per client. In order to disable it, you need to contact the Administrator of your MassTransit Server.