1

Password Policy

Topic: Password Policy

Hello,

I do like to suggest the implementation of a password policy for users access. The current possibility of creating any simple password combination is leading to unauthorized access and possible tampering.

2

Password Policy

Re: Password Policy

It's really simple. You can assign to a user any password you like and then disable the option Can change password for this user.

Besiades, do not forget about access rights. If you don't want something to be tempered with, deny access to it.

Katerina Alexandrova
Product Manager (Hecterra)
Gurtam
3

Password Policy

Re: Password Policy

Yeah sure, this way it is achievable. But there are some clients with strict corporate security policy who do want to change their password and at the same time want the system enforce their users comply and create strong passwords.

4

Password Policy

Re: Password Policy

This is a process issue in my opinion. You can have the user test the password that they want to use in a password analyzer to validate the strength of the password to ensure it is strong.

Do you let users set their own passwords ?

Alternatively in a future update of hosting this password strength checking could be implemented or a partner may want to develop an add on that does this.

Phoenix Solusi
Mobile Visible Secure
Specialists in data acquisition and analysis for mobile and fixed assets. Integration in to content management systems is a specialty we have.
5

Password Policy

Re: Password Policy

Yeah I allow users to change their password

6

Password Policy

Re: Password Policy

pleaaaase no implementation of a mandantory "minimum 8 letters, one special character, one big character, one number, change password every 3 month, dont use old password"
You wount make your endcustomers happy.

I would like to have 2 factor auth (like the google authenticator). that is cool and easy (but of cause only for those who would like to use such a tool)

Wolf.

Politeness dictates it to write his name on a post