New Message Search Latest Redo
Web Connection
Mixed-case passwords
Gravatar is a globally recognized avatar based on your email address. Mixed-case passwords
  Michael Hogan (Ideate Hosting)
  All
7BH0GGM07
  Nov 6, 2025 @ 07:40am
Reply

What's the easiest way to incorporate mixed-case passwords into the cAuthenticationMode = "UserSecurity" login process?

Gravatar is a globally recognized avatar based on your email address. re: Mixed-case passwords
  Rick Strahl
  Michael Hogan (Ideate Hosting)
7BH0KC4WY
  Nov 6, 2025 @ 09:29am
Reply

You can copy and override the logic in wwprocess::OnAuthenticatUser() into your own process class, and then change this line:

IF !this.oUserSecurity.Authenticate(LOWER(lcUserName),LOWER(lcPassword))

and remove the LOWER() wrappers.

If you're using email addresses I would definitely leave the username at lower and ensure that all email addresses are stored lower case though!

I kind of question why I forced the lower case here especially for the password - it makes it easier on the user, but these days with complex passwords generated by password managers this is probably not a good idea. It won't break anything but diminishes the complexity of the password strength some.

I'm considering removing the LOWER() from the password in that code but that might break some people.

Comments?

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Mixed-case passwords
  Michael Hogan (Ideate Hosting)
  Rick Strahl
7BN0PBXCO
  Nov 12, 2025 @ 11:49am
Reply

I would support that decision...

© 1996-2025