AU
APP009: Static Password Strength Policy
Does the application enforce a password strength policy of:
- For Active Directory, Siteminder and LDAP, static passwords (other than PINS) must contain a minimum of 8 characters, which must contain both letters and numbers, and be case sensitive
- Password different from the username
- For all other environments, static passwords (other than PINS) must contain a minimum of six (6) characters, which must contain both letters and numbers, and, if technically feasible, be case sensitive.
Guidance: Static password requirements:
- For Active Directory, Siteminder and LDAP, static passwords (other than PINS) must contain a minimum of eight (8) characters, which must contain both letters and numbers, and be case sensitive.
- For all other environments, static passwords (other than PINS) must contain a minimum of six (6) characters, which must contain both letters and numbers, and, if technically feasible, be case sensitive.
- Static passwords used by customers are exempt from the case-sensitive requirement.
Replies
QuickView does have a password policy, which includes controls for:
To view the password policy select Configuration > Security > Policies:
And here are examples of the alerts displayed if the password does not comply with the policy:
Additional references: Security Policies