Our Products & Services
Getting Started
First Time Setup
Getting Started With Jobs
Getting Started with Ticketing
Setting Sonar up for Billing
Getting Started with Accounts
Getting Started with Inventory
Baseline Configuration
User Specific Resources
How To: Using Sonar's Customer Portal
Accounts
Account Types: Overview & Example Use Cases
Account Statuses: Overview & Example Use Cases
Account Management View: Overview
Scheduled Events: Overview & Use Cases
Notes & Tasks: Best Practices & Use Cases
Child Accounts: Best Practices & How Tos
Disconnecting an Account
Understanding the Affordable Connectivity Program
FCC Broadband Data Collection (BDC) Filings: How Sonar Can Help
Account List View: Overview
Specify Account ID upon Creation
Lead Intake Form Processing
Account Groups: Overview & Example Use Cases
CPUC Fixed Broadband Deployment by Address
Serviceable Addresses: Overview and Usage
FCC Data Exports: General Overview and Usage
Creating a New Account
Billing
Setting up Bank Account & Credit Card Processors
Billing Settings
Billing Defaults
Taxes Setup
General Ledger Codes: Overview
Services: Overview
Building a Data Service
Building Packages
Delinquency Billing Best Practices
Accounts in Vacation Mode
Batch Payments & Deposit Slips: Overview
Creating Discounts for Services and Packages
Setting Up Payment Methods and Taking Payments
Canadian ACH tool
Printed Invoice Batches: Overview
Delinquency Exclusions: Overview and Use Cases
Multi-Month Billing & Multi-Month Services
How to Take Bank Account Payments
Email Invoice Batch: Overview
Manual Transactions
ACH Batching: Overview
Billing Calculator
General Transactions: Best Practices
Usage Based Billing Policies: Overview and Usage
How to: Adding a Service to an Account
Usage Based Billing Policy Free Periods: Overview and Usage
Using Tax Exemptions - How To
Avalara: Overview & Setup
Print to Mail
Communication
Setting up an Outbound Email Domain
Triggered Messages: Setup
Call Logs: General Best Practices
Using the Mass Message Tool
Saved Messages: Overview
Message Categories: Overview & Use Cases
Phone Number Types: Overview and Use Cases
Email Variables & Conditions
Communication Tools: Overview
Trigger Explanations
Companies
How to: Setting Up a Company in Sonar
Managing Multiple Companies in Sonar: Best Practices
Rebranding your Sonar Instance
Financial
Contract Templates
Invoice Attachment Use Cases & PDF Examples
Invoice Messages: Overview & Use Cases
Invoices in Sonar: Examples, Creation & Contents
Integrations
Calix Integration: Overview
GPS Tracking Providers: Overview
Webhooks in Sonar: Basic PHP Example
How to Connect Cambium to your Sonar Instance
iCalendar Integration
RemoteWinBox - Integration with Sonar
External Marketing Providers
The Sonar Field Tech App
How to Connect Preseem to your Sonar System
Tower Coverage Integration: Overview
GoCardless Integration: Overview & Setup
Vetro FiberMap Integration: Overview
How to: Using Webhooks in Sonar
CrowdFiber Integration
Inventory
Setup of Inventory: Manufacturers, Categories, and Assignees
Inventory List View: Overview
Inventory Model Management: General Overview
Tracking and Using Consumable Inventory
Jobs
Job Types: Best Practices
Setting Up Schedules General Overview
Applying Task Templates to Jobs
Scheduling Week View: Overview
Example Jobs & Templates
Scheduling How-to: Creating and Booking a Job
Geofences: Overview
Edit Job Options
Jobs and Scheduling: Overview
Mapping
Misc.
Monitoring
Building a Monitoring Template
Pollers: General Overview, Deployment Strategy, Build Out & Setup
Building Alerting Rotations
Poller Troubleshooting
Networking
IP Assignments & Sonar
MikroTik: Setting Up a Sonar Controlled DHCP Server
IPAM: Basic Setup
MikroTik as an Inline Device: Integration With Sonar
MikroTik: Controlling Speeds
MikroTik: Controlling Access
PacketLogic: Integration With Sonar
Setting Up CoA Proxy
RADIUS: Building Reply Attributes
Data Usage Available Methods
Pulse, Polling, and PHP
Using Multiple Network Devices in Sonar
IPAM: Overview
Cable Modem Provisioning
LTE Integration
Assigning RADIUS Addresses
Controlling Customer Speeds with Sonar: General Overview
Sonar Flow
RADIUS: Build-Out & Integration with Sonar
Network Dashboard: Overview
Being Cloud Native
Netflow Integration: Overview
Building a Device Mapper
Sonar IP Addressing
Automating IP Assignments, Data Rates, and Network Access in Sonar
DHCP Delivery
Assigning an IP Address Using Sonar's IPAM: How to
Network Sites: Management View Overview
Building RADIUS Groups
Building Address Lists
Finding your OIDs
Purchase Orders
Release Notes
Reporting
Understanding Sonar Reports
How To Enhance Your Reporting With Custom Field Data
Report Licenses
Enhanced Business Intelligence - Tips & Tricks for Advanced Users
Sonar's Business Intelligence: Overview
Security
User Role Creation & Best Practices
Removing a Terminated Employee In Sonar
Password Policy In Depth
Application Firewall: General Overview and Best Practices
Users: Overview
Role Creation using GraphiQL
Sonar Billing
sonarPay
System
How to Best Use Global Search
How Your Data is Backed Up
How To Use GraphiQL to Understand the Sonar API
Frequently Used Terms
Sonar's Rich Text Editor
Mutations in the Sonar API
Notification Preferences
API Calls Using Third Party Applications: Personal Access Tokens
Date/Time Picker: Overview
Auth0: Overview
The New Sonar API
Introducing the New Sidebar
Upgrading your Ubuntu OS - Customer Portal Upgrades
A Deeper Dive into the New Sonar API
Consuming the Sonar API
Filtering: Simple vs Advanced
Browser Compatibility and Minimum Hardware Requirements for Sonar
REST API Wrappers for V1 Compatibility
User Profile: Your Personal User Settings
SMS Notifications
Dynamic Time Zones in Sonar
System Settings: Overview
Troubleshooting the Customer Portal
Controlling Your Landing Page: Personal Preferences
Interacting with Files via the API
Getting Your Data into Sonar
Customizing Your Customer Portal
Ticketing
Ticketing: Overview
Canned Replies Examples & Templates
Canned Reply Categories
Inbound Mailboxes Example Build
Ticket Categories Best Practices & Example Build
Exploring Ticket Groups
Using Parent Tickets
How to Integrate Inbound Mailboxes with Slack
Advanced Ticketing Features
Voice
Working With the Sonar Team & Additional Resources
Sonar's Security Practices & Certifications
Sonar and General Data Protection Regulation (GDPR)
Technical Security Overview
CyberSecure Canada Certification
Sonar's Security Strategies
Best Practices for Fast Tracking a Support Request
How Sonar Bills Your Instance
The Sonar Status Page
The Sonar Community Forum
Feedback Portal / Suggest a Feature
Sonar Casts Table of Contents
How to Request Termination of your Sonar Instance
Submitting Bugs vs. Feature Requests
Third Party Customer Support Referrals
Client Services Training Overview
Learning with Sonar: Tools and Resources
Table of Contents
- All Categories
- Security
- Password Policy In Depth
Password Policy In Depth
Updated
by Mitchell Paul-Soumis
Read Time: 2 mins
Sonar's User Password Policy
In general, you want to set requirements so that passwords are difficult to guess, but not so far as to cause "security fatigue" or make it difficult for your staff. In general, it is best to use passphrases rather than passwords as these are more difficult to brute force attack. Increasing the password strength requirements will do more to create secure passwords than implementing specific requirements around symbol use.
Sonar allows you to implement a "Minimum Password strength" using the zxcvbn algorithm.
What is Minimum Password strength
zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
Sonar uses zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".
More secure: policies often fail both ways, allowing weak passwords (P@ssword1) and disallowing strong passwords.
More flexible: zxcvbn allows many password styles to flourish so long as it detects sufficient complexity — passphrases are rated highly given enough uncommon words, keyboard patterns are ranked based on length and number of turns, and capitalization adds more complexity when it's unpredictable.
The number settings are the estimated number of guesses that would be required to match a password and can be broken down as follows:
- Risky Password (0): less than one thousand guesses (example: p@ssword)
- Very Guessable (1): less than one million guesses (example: angel08)
- Somewhat Guessable (2): less than one hundred million guesses (example: Tr0ub4dour&3)
- Safely Unguessable (3): less than ten billion guesses (example: correcthorsebatterystaple)
- Very Unguessable (4): At least ten billion guesses (example: coRrecth0rseba++ery9.23.2007staple$)
For some context, a (1) level password could be cracked via an unthrottled online attack in less than an hour, a (3) level password would take anywhere between months and years at the same submission rate.
