Getting Started with DD Chat
"Pre-Ticket Chat" Feature
"Call me Back" Feature
Creating a Chat Session
Handling Chat Requests
Changing your Presence
Subscribing to Webhooks
Viewing Chat History
Getting Started with Broadcasts
Who Can Send a Broadcast
Sending a Broadcast
New Features and UI Designs
New Request Support UI
How to roll out new portal features and UI designs
New Ticket User Interface - V2
Enabling OAuth for DDPortal
How User Authentication works in DeskDirector
Diagnosing Automatic Login Issues
Logging in with a Username + Password
Logging in via URL
Logging in with Passwordless
Logging in with Active Directory
Client Security/Permissions Configuration
Client Security (Autotask)
Portal Access (ConnectWise)
How Additional Access works
Contact Creation Rule
Customer Closed Tickets.
DD Advantage Configuration
DD Custom Domain
DDPortal for Windows
Diagnosing login problems using the new DDGetSID CLI tool
Branding Windows & macOS Portal Installers
DD Portal for Windows: Kaseya Deployment Guide
Getting Started with DD Portal
Installing DD Portal
Troubleshooting your DeskDirector Portal installation
Uninstall Script for DDPortal
Troubleshoot a login failure to the DeskDirector Client
Diagnosing login problems using the DDGetSID tool
DD Portal Terminal Server/Citrix
DD Portal for Windows: LabTech Deployment Guide
DD Portal For Windows: N-central/N-able Deployment Guide
DDPortal for Mac
DD BaseCamp Documentation
Quotes & Invoices
Send emails with Office 365
Adding Media to Play When First Launching the Client
The Flag feature (CW Only)
SMTP / Email Settings
"Ensure VIP ticket's priority" Feature
Setting Up and Using the VIP Priority
Filtering companies in Company Configs
FastTrack in DeskDirector
Change Ticket Status when Customer Adds Note
Branding & Customization
Get Started with Email Template Engine - DeskDirector
HTML Email Templates - ConnectWise
HTML Email Templates - Autotask
Avatars in DDPortal
DeskDirector Web Branding
Theming in DeskDirector
DeskDirector Forms and Request Types
Importing Wufoo Forms to DD Forms
Getting started with DeskDirector Forms
DeskDirector Forms - Question Types in Detail
DeskDirector Forms - Webhooks
DeskDirector Forms - Sections and Conditionals
Setting up Request Types
DeskDirector Forms - Dynamic Fields
Request Type Ordering
Ticket Title Automation
Account & FAQ
Portal and User Issues
Instance & Account Queries
Logging into the Admin Console.
3000 contact limit FAQ
The Admin Console Dashboard
Adding and removing features from your DD Portal Advantage plan
Finding out what server your DeskDirector instance is on.
Enabling Master Admin
Creating an Integrator Login in ConnectWise (SOAP API)
Top 10 Request Types
Getting Started - Admin Console
Frequently Asked Questions
Creating a ConnectWise RESTful API Key
CSV Reporting Tool
Generic vs Customized Request Types
DDPortal (Installed client) Vs. DDWeb (Web Client)
Creating an integrator resource in Autotask
Connectwise Sell (previously Quosal)
How to configure ConnectWise Sell (previously Quosal) Order Porter integration
Adding ConnectWise Sell (previously Quosal) Order Porter link to opportunity
Common WuFoo errors
Wufoo not working
Changing the Summary of Wufoo Tickets
Creating your first Wufoo form
Adding Wufoo Forms To Request Support
Common WuFoo errors
Getting started with WuFoo Forms
Debugging Your Wufoo Integration
Portal Release Notes - Windows/macOS
Portal Release Notes - Web Client
Updated by Jason He
In this article we will cover how DeskDirector stores passwords and enforces password strength.
Our developers have completed a lot of study around password security for our DD Portal password solution.
In short, DeskDirector uses zxcvbn created by DropBox to enforce password strength. This is not based on password requirement or rules, instead we calculate how fast computer can brute force to guess user's password. The longer it takes the better it is.
zxcvbn provide 5 levels on password strength score, we treat them as following:
- 0: Very weak
- 1: Weak
- 2: So-so
- 3: Good
- 4: Great
We currently accept so-so or above.
We do not save password against your PSA system, but to our own database. They are saved as hashed and salted values, the original value of password is not saved in plaint text. This is standard security practices, but very important protect our user's passwords.
The purpose of hash and salt is to protect the value of a password. If a database of an application ever got compromised. You can read from Salted Password Hashing - Doing it Right. It is a way to avoid value been retrieved by hacker through brute force or rainbow tables.
In short, the complex algorithm it uses to hash passwords stops attackers from decrypting password values through brute force in short amount of time. If single password requires a year to decrypt, then it is not cost effective for an attacker to do so. It also provides a buffer time for users to change their password.
The salt that added to the password hashing, helps protect from rainbow attack. Where attacker cannot use a list of commonly used password to guess the value of hashed value.
Password strength is another hot topic related to passwords. Developers of applications often setup rules to help users strengthen their password.
Many of us have definitely encountered these rules before. You're able to use your own name, date of birth, phone, address etc, but are limited on how the password is built. Does that help? No. The primary reason why passwords easily brute forced by attackers is because Your Password is Too Short.
Do special characters and numbers inside passwords help? Certainly, that means for each character there are more options. But when a rule is defined, it is actually easier for the attacker to guess. They now know exactly what is possible and not possible, less guess work.
Someone might argue that password rules were created by a security expert. The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time.
The below basic factors determine how fast a computer can crack a user's password.
- The length of password
- No character restriction (allow any character including Emoji, Korean, Japanese, French e.t.c.)
- No user profile related data (not your username, email, phone, address e.t.c.)
Hopefully this article gives better understanding on DeskDirector's password system.