
Password Reset Complexity Settings


autumnEND

Programmer
Nov 1, 2005
61
GB
Hi, I recently changed the password complexity as follows:

<membership>
  <providers>
    <remove name="AspNetSqlMembershipProvider" />
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         minRequiredPasswordLength="5"
         minRequiredNonalphanumericCharacters="0"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>

This works fine.

However, if a user forgets their password and needs a new one, they answer a security question, and then a new password is sent to them via email.

The password that is sent is a complex one, e.g.:
Password: #!FO5:U:!;VQ*c

I wondered if there was any way to change the web config file so that the new password that is emailed to the user isn't complex, such that it just contains letters and has a length of 5 characters.

Any guidance would be appreciated, thanks
 
I think Microsoft does that on purpose to make the password more secure.

If you don't like it, your best bet is probably just ditching the built-in reset password control and creating a custom implementation which hooks into the provider using the ChangePassword() method and your own preferences for random password generation.

Unfortunately that requires a little extra code on your part, but if you implement the control to use the default MembershipProvider from web.config then much of the burden will still be on the provider (plus you'll have your own reusable snazzy provider-independent security control like Microsoft's).
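
One way to build the custom reset described in the reply above, as an added example that is not code from the thread: it lets the provider perform the reset, then swaps the generated value for a letters-and-digits password drawn from a cryptographic RNG. The class name, method names and alphabet are assumptions; the `Membership` and `MembershipUser` calls are the standard System.Web.Security API.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

// Hypothetical helper; call it from your own "forgot password" page.
public static class FriendlyPasswordReset
{
    // Assumed alphabet: letters and digits with look-alikes (0/O, 1/l/I) removed.
    // 57 symbols gives about 5.8 bits of entropy per character.
    private const string Alphabet =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

    public static string Generate(int length)
    {
        // The provider rejects anything below minRequiredPasswordLength.
        if (length < Membership.MinRequiredPasswordLength)
            throw new ArgumentOutOfRangeException("length");
        // This alphabet cannot satisfy a non-alphanumeric requirement.
        if (Membership.MinRequiredNonAlphanumericCharacters > 0)
            throw new InvalidOperationException("Provider requires symbols.");

        // Discard bytes at or above the largest multiple of the alphabet size
        // so that every character is equally likely (no modulo bias).
        int limit = 256 - (256 % Alphabet.Length);
        StringBuilder sb = new StringBuilder(length);
        byte[] buf = new byte[1];
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        while (sb.Length < length)
        {
            rng.GetBytes(buf);
            if (buf[0] < limit) sb.Append(Alphabet[buf[0] % Alphabet.Length]);
        }
        return sb.ToString();
    }

    // Returns the new password to e-mail, or null if the user does not exist.
    public static string Reset(string userName, string answer, int length)
    {
        MembershipUser user = Membership.GetUser(userName);
        if (user == null) return null;

        // Throws MembershipPasswordException when the answer is wrong.
        string generated = user.ResetPassword(answer);
        string friendly = Generate(length);
        if (!user.ChangePassword(generated, friendly))
            throw new InvalidOperationException("Password change failed.");
        return friendly;
    }
}
```

Because the reset still goes through the provider, the security-question check and the `maxInvalidPasswordAttempts` lockout from web.config continue to apply.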
 