Challenge questions error: The response for question ... is too commonly used
713 views
Skip to first unread message
liquid...@gmail.com
Aug 26, 2015, 7:20:57 PM8/26/15
to pwm-general
This is a new installation with the default ~800k wordlist. When trying to set answers to the challenge questions most responses return the "too commonly used" error. I'm not interested in matching the responses against a wordlist but I can't figure out how to bypass the checking. Although I'm about to try uploading a blank list as the complexity requirements will handle the passwords.
matt.f...@nakedwines.com
Sep 16, 2015, 9:48:26 AM9/16/15
to pwm-general, liquid...@gmail.com
On Thursday, 27 August 2015 00:20:57 UTC+1, liquid...@gmail.com wrote:
> This is a new installation with the default ~800k wordlist. When trying to set answers to the challenge questions most responses return the "too commonly used" error. I'm not interested in matching the responses against a wordlist but I can't figure out how to bypass the checking. Although I'm about to try uploading a blank list as the complexity requirements will handle the passwords.
> This is a new installation with the default ~800k wordlist. When trying to set answers to the challenge questions most responses return the "too commonly used" error. I'm not interested in matching the responses against a wordlist but I can't figure out how to bypass the checking. Although I'm about to try uploading a blank list as the complexity requirements will handle the passwords.
I get this error too. This is going to be extremely frustrating to the end user so would be nice if the common responses option could be turned off.
Jason Rivard
Sep 18, 2015, 1:03:16 PM9/18/15
to pwm-general, liquid...@gmail.com
When you edit the challenge questions there is an option to enable or disable wordlist checking.
Will Ernst
Sep 18, 2015, 1:20:24 PM9/18/15
to Jason Rivard, pwm-general
Where? I looked extensively for this setting, and just looked again and don't see any such option. I'm running the latest nightly build as of 8/28.
I ended up not requiring the Q&A though. Partly because of this issue but mainly because PWM required users to have set their questions before using it to reset passwords.
Jason Rivard
Sep 18, 2015, 2:58:04 PM9/18/15
to pwm-general, jri...@gmail.com, liquid...@gmail.com
On Friday, September 18, 2015 at 1:20:24 PM UTC-4, Will Ernst wrote:
Where? I looked extensively for this setting, and just looked again and don't see any such option. I'm running the latest nightly build as of 8/28.
Policies ⇨ Challenge Policies ⇨ [profile] ⇨ Random Questions. Click the question set, uncheck the wordlist option as desired for each question.
I ended up not requiring the Q&A though. Partly because of this issue but mainly because PWM required users to have set their questions before using it to reset passwords.
See: Policies ⇨ Challenge Settings ⇨ Force Response Setup
Will Ernst
Sep 18, 2015, 3:27:22 PM9/18/15
to Jason Rivard, pwm-general
On Fri, Sep 18, 2015 at 12:58 PM, Jason Rivard <jri...@gmail.com> wrote:
On Friday, September 18, 2015 at 1:20:24 PM UTC-4, Will Ernst wrote:Where? I looked extensively for this setting, and just looked again and don't see any such option. I'm running the latest nightly build as of 8/28.Policies ⇨ Challenge Policies ⇨ [profile] ⇨ Random Questions. Click the question set, uncheck the wordlist option as desired for each question.
Ah ha! I even changed some of the questions but somehow missed it there. I dug all around too.
I ended up not requiring the Q&A though. Partly because of this issue but mainly because PWM required users to have set their questions before using it to reset passwords.See: Policies ⇨ Challenge Settings ⇨ Force Response Setup
Yup, already disabled that. PWM has been working great and has been a huge help in our environment, both in alleviating expired/forgotten password issues but also streamlining our new user process.
Thanks for the help!
Reply all
Reply to author
Forward
0 new messages