Getting Started with DeskDirector
DeskDirector Portals
Browser Support
What is the DeskDirector Admin Portal?
What is the DeskDirector TECH Portal?
What is the DeskDirector Client Portal?
Desktop Portal
Managing Your Account
Pricing & Subscription Plans
Deskdirector - Sign up walk through
Managing your DeskDirector Subscription
Admin Essentials
Release Notes
Permissions & Feature Configuration (Tokity)
Permissions & Feature Configuration (ConnectWise/Autotask Partners)
Automatic Contact Creation
The Developer Corner
DeskDirector Features Overview
Desktop Portal Version Differences
Logging in to DeskDirector
User Profiles & Profile Pictures
Office Hours
Using Markdown
How Searching Works
Embedding Help Page Media
Get started with the DeskDirector Power Automate Connector
Features
Portal Customization
Service Catalogue
Forms
Getting started with DeskDirector Forms
DeskDirector Forms - Question Types in Detail
Dynamic Form Content
Communication
Actionable Messages for Emails
Real-Time Chats
Notifications
Email Notifications
Email Template Engine
Surveys
Broadcasts
Generative AI
DeskDirector with Generative AI
Setting up AI Service Providers
AI Assistants in DeskDirector
Custom Tools for AI Assistants
Knowledge Bases for AI Assistants
Ticket Summary for Tech Portal
Advanced
Login & Authentication
Contact & User Groups
Approvals
Task Lists
The Learning Center
Tags
Custom Domains
File Storage
Portal Deep Linking
Clean Tickets
Contacts
Accounts
Service Dashboard
Auditing and Analytics
Integrations
ConnectWise
ConnectWise Custom Menu Item for DeskDirector
ConnectWise
ConnectWise Quotes & Invoices
ConnectBooster
ConnectWise Sell
ConnectWise - Avoid Aggressive Notifications
AutoTask
Switching or Merging PSAs
QuoteWerks
Wise-Pay
TimeZest
BiggerBrains
OneNote Notebooks
Integrations - Frequently Asked Questions
IT Glue
Microsoft Teams App
Introducing the DeskDirector for Microsoft Team App
Installing the Microsoft Teams App (Client Mode)
Installing the Microsoft Teams App (Tech Mode)
Setting up Tags for Teams Discussions (Tech)
Branding the DeskDirector Teams App
DeskDirector Teams App Notifications
User Groups Integration with Microsoft Teams
Setting up Content Security Policy (CSP)
Advanced topic: Setting up Tech & Client Mode in the same tenancy
Integrating Microsoft Teams with DeskDirector Tech Portal
Smart Alerts for Tech Users
Microsoft Power Automate
Actions
Solutions
Power Automate Template Gallery
Featured Solution: Teams Ticket Discussion
Featured Solution: Ticket Briefing
Introduction to Power Automate
Power Automate Connector - Setting up your first flow
DeskDirector Power Platform Connector Reference
DeskDirector Connector Triggers
Troubleshooting
Troubleshooting via Web Developer Tools
Desktop Portal - Common Issues
Contact & Service Agent Impersonation
Diagnose Entities Tool
DeskDirector Desktop App - Installation Issues
Troubleshooting DeskDirector Connection Issues
Login & Authentication - Common Issues
Permissions & Access - Common Issues
Tickets & Chats - Common Issues
Approvals - Common Issues
Email & Email Delivery - Common Issues
PSA Entity Syncing - Common Issues
PSA Integration - Common Issues
ConnectWise Integration - Common Issues
Autotask Integration - Common Issues
ConnectWise Audit Trail - Exporting API Logs
Microsoft Teams App - Common Issues
Contact DeskDirector Support
Security
Glossary
Archived
- All Categories
- Archived
- Password Requirements for DeskDirector
Password Requirements for DeskDirector
In this article we will cover how DeskDirector stores passwords and enforces password strength.
Our developers have completed a lot of study around password security for our DD Portal password solution.
In short, DeskDirector uses zxcvbn created by DropBox to enforce password strength. This is not based on password requirement or rules, instead we calculate how fast computer can brute force to guess user's password. The longer it takes the better it is.
zxcvbn provide 5 levels on password strength score, we treat them as following:
- 0: Very weak
- 1: Weak
- 2: So-so
- 3: Good
- 4: Great
We currently accept so-so or above.
Saved Passwords
We do not save password against your PSA system, but to our own database. They are saved as hashed and salted values, the original value of password is not saved in plaint text. This is standard security practices, but very important protect our user's passwords.
The purpose of hash and salt is to protect the value of a password. If a database of an application ever got compromised. You can read from Salted Password Hashing - Doing it Right. It is a way to avoid value been retrieved by hacker through brute force or rainbow tables.
In short, the complex algorithm it uses to hash passwords stops attackers from decrypting password values through brute force in short amount of time. If single password requires a year to decrypt, then it is not cost effective for an attacker to do so. It also provides a buffer time for users to change their password.
The salt that added to the password hashing, helps protect from rainbow attack. Where attacker cannot use a list of commonly used password to guess the value of hashed value.
Password strength
Password strength is another hot topic related to passwords. Developers of applications often setup rules to help users strengthen their password.
Many of us have definitely encountered these rules before. You're able to use your own name, date of birth, phone, address etc, but are limited on how the password is built. Does that help? No. The primary reason why passwords easily brute forced by attackers is because Your Password is Too Short.
Do special characters and numbers inside passwords help? Certainly, that means for each character there are more options. But when a rule is defined, it is actually easier for the attacker to guess. They now know exactly what is possible and not possible, less guess work.
Someone might argue that password rules were created by a security expert. The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time.
The below basic factors determine how fast a computer can crack a user's password.
- The length of password
- No character restriction (allow any character including Emoji, Korean, Japanese, French e.t.c.)
- No user profile related data (not your username, email, phone, address e.t.c.)
Hopefully this article gives better understanding on DeskDirector's password system.
