Enforce Password Policy in Application User Master

1. Password should be a minimum of 8 characters, with mandatory alphanumeric and a special character.

2. Password expiry period should be configurable, after which one has to change the password mandatorily.

3. User account should lock on unsuccessful login attempts. No. of attempts should be configurable. Unlocking the account should be part of Admin rights.

4. Check feasibility of not allowing last used 5 passwords [Optional]

  • Harsh Nahata
  • Dec 9 2015
  • Released
  • Admin
    Product Team commented
    3 Oct, 2017 12:09pm

    We are incorporating the following password checks:

    1. Password Expiry -
      User will be able to provide password expiry days at company level and, accordingly, all passwords shall start getting expired and user will have to change the password before logging in.
    2. Password Complexity -
      We are going with a fixed rule set for password complexity (non-configurable; however, user will be allowed to select whether to apply this complexity):
      • Minimum 8 characters
      • Should contain at least 1 uppercase, 1 lowercase and 1 special character

    Not catering to the following requirements -

    1. Account locked post x no. of attempts
      Reason: We are unable to fulfil this request as we are having a decentralized architecture and applying these validations as of now is impossible.
    2. Password cannot be same as last x no. of passwords
      Reason: Same as point 1.

    3. Username shouldn't be there in password
      Reason: As per our system, we allow username to be changed, so this validation stands invalid.

  • Guest commented
    11 Apr, 2017 07:57am

    Password should be forced by a configurable policy; user must be forced to change his password after XX days, which should be configurable in the password policy.
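
An added example, not part of the original thread and not the product's own code: one way to implement the checks discussed above in Python, covering the fixed complexity rule set and company-level expiry from the Product Team comment, plus the last-5-passwords history check from the original request. The `Policy` and `Account` types, the special-character set, the PBKDF2 work factor and the error names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SPECIALS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")  # assumed special-character set
PBKDF2_ROUNDS = 100_000  # assumed work factor

@dataclass
class Policy:  # hypothetical company-level settings
    apply_complexity: bool = True  # the rule set is fixed; applying it is optional
    expiry_days: int = 90
    history_depth: int = 5

@dataclass
class Account:  # hypothetical user record; only salted hashes are stored
    changed_at: datetime
    history: list = field(default_factory=list)  # newest first: (salt, digest)

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def complexity_errors(password):
    checks = {
        "min_length": len(password) >= 8,
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "special": any(c in SPECIALS for c in password),
    }
    return [name for name, ok in checks.items() if not ok]

def is_expired(account, policy, now):
    # Checked at login: an expired password must be changed before logging in.
    return now - account.changed_at >= timedelta(days=policy.expiry_days)

def change_password(account, policy, new_password, now):
    errors = complexity_errors(new_password) if policy.apply_complexity else []
    # Each stored entry has its own salt, so the candidate is re-hashed per entry
    # and compared in constant time.
    for salt, digest in account.history[:policy.history_depth]:
        if hmac.compare_digest(_digest(new_password, salt), digest):
            errors.append("reused")
            break
    if not errors:
        salt = os.urandom(16)
        account.history.insert(0, (salt, _digest(new_password, salt)))
        del account.history[policy.history_depth:]  # keep only the last N hashes
        account.changed_at = now
    return errors
```

The history list has to live in a single authoritative user store for the reuse check to hold across nodes.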
