Inform users automatically of weak password usage (email accounts, FTP, installed WP installations, etc.)
I think it would be an excellent idea if there was a feature within Plesk which actually checks (once a week or so) for weak passwords and informs users about weak passwords in general.
We still have a lot of customers who use (extremely) weak passwords. To check these manually (even with a simple written script) is too time consuming.
This should be done automatically nowadays. Therefore such a feature is really needed in Plesk.
It should check for weak passwords for:
- weak passwords used in email accounts
- weak passwords used for user created databases
- weak passwords for hosting accounts
- weak passwords used for WP (and other CMS) installations
- weak passwords for WP users
- weak passwords for FTP users
And probably a few others. This would increase security for servers in general and reduce the amount of spam coming from servers in general.
Probably Plesk will not be interested to do this, as it will result in fewer sales of their anti-spam software (and more). But I think this option really should be included within Plesk.
And yes, I know the "Security Policy". On new servers with new hosting accounts this is obviously already enabled, however we have a "ton" of older Plesk servers on which very easy passwords are still used, and the "Security Policy" only works when they create a new (for example) email address or change their current email address. So that is not a solution for existing accounts.
And yes, Fail2Ban offers some kind of protection, however (in our case) we have the ban period set to 15 minutes, after that potential "hackers" can try again. Etc. Increasing this amount is not a solution as a lot of customers make mistakes in their passwords and get banned every time. Same goes for using "recidive".
So I think it's a very good idea to add a weak password check in Plesk, which checks for weak passwords on a regular basis or allows a manual check.
We want a safer and cleaner internet and I think this would increase that and Plesk should really make this possible imho.
This is a technically impossible task, because none of the passwords are stored in plain text; they are stored as hashes. The length or characteristics of a hash do not reveal whether the password is weak or strong. For that reason it is impossible for software to determine which passwords are weak and which are strong, hence users with weak passwords cannot be identified.
-- PD