Monday, November 9, 2015

An important part of supporting you is helping you keep your data secure from the bad guys. Our analysis has shown that hackers' favorite way to gain unauthorized access to email accounts is by exploiting weak passwords. That's why we are changing the password strength requirements. If you use the Thexyz Webmail or Hosted Exchange Administrative APIs, this change may require you to update your integration code. Also, if you use the Directory Sync utility, you may need to adjust your password policy.

On January 6th, 2016, the Control Panel and Webmail interfaces will begin enforcing new rules when setting or changing a password. On January 20th, 2016, all Email API's will be updated to validate new or changed end user passwords according to the new rules. The password rules will now be consistent for both Thexyz Email and Hosted Exchange.

The new password strength requirements are:

    • Must be 8 characters long
    • Must contain 3 of the following:
    • Uppercase letter
    • Lowercase letter
    • Number
    • Special character or space
After January 20th, when attempting to set a password that doesn't match these new requirements, an error response will be triggered from the API. You can - and should - update your code to respect the new requirements now. Please refer to the REST or SOAP documentation for error code specifics. This change will not force any existing users to change their password, regardless of the strength of that password. For that reason, we recommend advising users to periodically change their email passwords.

« Back