Can I enforce strong passwords in my account?

DeployBot has a built-in algorithm for checking password strength. Every time a user creates a new password, DeployBot will display how much time a potential attacker will need to crack it. Account owners can take this feature to the next level by enforcing strong passwords on their accounts.

As the account owner, go to the Account section, then click on the Security tab. You will see all of your security features, including enforcing strong passwords.

Beanstalk Screenshot

Why enforce strong passwords?

On an account with hundreds of users it can be difficult to keep track of everyone's password strength. One person with a weak password can compromise everyone else. Although DeployBot makes it quite hard to brute-force passwords, enabling password enforcing provides extra peace of mind for the account owner.

How does it work?

Once you enable strong password enforcing, DeployBot will stop accepting weak passwords for new users on your account, as well as existing users when they change their passwords. In addition to that, password strength will be checked for every user the next time they log in. If their password is weak, DeployBot will require them to update it within the next three login attempts.

What's a weak password?

DeployBot considers a weak password one that can be cracked quickly by several different types of attacks. While we're not going to disclose the methods, here are some tips on making sure the password is strong.

Your password should be at least 8 characters long.
If you are using a complex password, make sure to include non-alpha numeric characters (spaces, periods, etc)
If you choose haystack, use at least 4 words, separated by spaces or periods (or some other character). Never use words that are relevant to you, like your name, address, cellphone numbers, city, birth date, etc.

Read more on creating strong passwords in our help article.