AU

APP009: Static Password Strength Policy

Does the application enforce a password strength policy of: - For Active Directory, Siteminder and LDAP, static passwords (other than PINS) must contain a minimum of 8 characters, which must contain both letters and numbers , and be case sensitive - Password different from the username - For all other environments, static passwords (other than PINS) must contain a minimum of six (6) characters, which must contain both letters and numbers , and, if technically feasible, be case sensitive.

Guidance: Static password requirements:

  • For Active Directory, Siteminder and LDAP, static password (other than PINS) must contain a minimum of eight (8) characters, which must contain both letters and numbers, and be case sensitive.
  • For all other environments, static passwords (other than PINS) must contain a minimum of six (6) characters, which must contain both letters and numbers, and, if technically feasible, be case sensitive.
  • Static passwords used by customers are exempt from case sensitive requirement.
Replies
  • MD

    QuickView does have a password policy, which includes controls for:

    • Minimum password length
    • Must contain both letter, lower and uppercase, and numbers
    • Must not contain parts of the username

    To view the password policy select Configuration > Security > Policies:

    And here are examples of the alerts displayed if the password does not comply with the policy:




    Additional references: Security Policies

Please Sign In to submit new tickets or to reply to existing ones.

Ticket ID

T-00018

Created

January 21, 2021 05:52 PM

Product

QuickView