Password Policy

Owned by Karen McDonald
Last updated: Feb 05, 2024 by Gemma Heidemann
2 min read

Wise Owl Password Policy

Wise Owl uses the following password policy for accounts stored in Appliances themselves. If you are using an external directory system such as Windows Active Directory, you may be subject to different (possibly additional) password requirements.

  • Minimum length of 8 characters (configurable per-Appliance).

  • Require one upper, lower and number character (may be disabled per-Appliance).

  • Any character is allowed. Including spaces, punctuation, HTML, non-English letters / numbers, characters not on standard keyboards, and any Unicode character point.

  • Maximum length is 256 characters. This is to allow for longer passphrases but not overload system resources.

  • All passwords are checked against a blacklist stored on Wise Owl Legal servers. This blacklist contains several million poor passwords and passwords leaked from public websites.

  • Leading and trailing spaces are removed (as some external programs and 3rd party appliances may be unable to process them).

  • No expiry dates are enforced. We recommend you create a stronger password and simply not change it. (Note, if you are using an external directory system, you may be required to change your password on a regular basis).

Wise Owl Password Blacklist

Many passwords used by real users have been leaked and become public knowledge through networks of password crackers (some malicious, others less so). These leaks are due to poor security measures by other web sites (including high profile sites such as Yahoo!, Sony and LinkedIn). Unfortunately, these passwords are now public knowledge among groups who would like to steal data from your Wise Owl Legal Appliance.

Wise Owl Legal take proactive measures in protecting your password by obtaining as many of these leaked passwords as possible and placing them on a large blacklist. We are constantly updating and adding to this list. In mid 2013 it consisted of 50 million passwords. The only way to find out of your password is on the black list is to attempt to change it, you will immediately see a tick or cross indicating if your password has been blacklisted. Wise Owl recommends using a strong password for your account.