1. Password should be a minimum of 8 characters, mandatorily alphanumeric with a special character.
2. Password expiry period should be configurable; after that, one has to change the password mandatorily.
3. User account should lock on unsuccessful login attempts. The number of attempts should be configurable. Unlocking the account should be part of admin rights.
4. Check feasibility of not allowing the last 5 used passwords [Optional]
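As an added illustration, not part of the original request or of the vendor's product, the four requirements above expressed as one checkable policy in Python: a fixed complexity rule set, configurable expiry, lockout with admin-only unlock, and a password-history check against per-account PBKDF2 digests. The default values, the start date and the rule wording are constructed for the example.

```python
import hashlib, re, secrets
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import date, timedelta

# Requirement 1 as a fixed rule set: >= 8 chars with letters, digits and a special character.
COMPLEXITY = [(r".{8,}", "at least 8 characters"), (r"[A-Za-z]", "a letter"),
              (r"[0-9]", "a digit"), (r"[^A-Za-z0-9]", "a special character")]
# The configurable knobs from requirements 2-4 (defaults are constructed for the example).
Policy = namedtuple("Policy", "expiry_days max_attempts history_depth", defaults=(90, 5, 5))

def complexity_errors(password):
    return [msg for rx, msg in COMPLEXITY if not re.search(rx, password)]  # [] == compliant

def digest(password, salt):
    # One salt per account keeps history entries comparable; PBKDF2 keeps them slow to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    history: list = field(default_factory=list)   # digests, current password last
    changed_on: date = date(2024, 1, 1)           # constructed start date for the example
    failed_attempts: int = 0
    locked: bool = False

    def set_password(self, new, policy, today):
        errors = complexity_errors(new)
        if digest(new, self.salt) in self.history[-policy.history_depth:]:
            errors.append(f"matches one of the last {policy.history_depth} passwords")
        if not errors:                            # only a compliant password is stored
            self.history.append(digest(new, self.salt))
            self.changed_on = today
        return errors

    def login(self, attempt, policy, today):
        # Outcomes: ok, expired (change forced before use), denied, locked (admin unlock needed).
        if self.locked:
            return "locked"
        current = self.history[-1] if self.history else b""
        if not secrets.compare_digest(digest(attempt, self.salt), current):
            self.failed_attempts += 1
            self.locked = self.failed_attempts >= policy.max_attempts
            return "locked" if self.locked else "denied"
        self.failed_attempts = 0                  # a good login resets the counter
        expired = today - self.changed_on >= timedelta(days=policy.expiry_days)
        return "expired" if expired else "ok"

    def admin_unlock(self):                       # requirement 3: unlock is an admin right
        self.locked, self.failed_attempts = False, 0
```

A user-facing flow would call `set_password` whenever `login` returns "expired", and only an administrative code path would reach `admin_unlock`.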
We are incorporating the following password checks:
Users will be able to set the password expiry days at company level; accordingly, all passwords shall start expiring and the user will have to change the password before logging in.
We are going with a fixed rule set for password complexity (non-configurable; however, users will be allowed to select whether to apply this complexity):
Not catering to the following requirements:
Reason: We are unable to fulfil this request as we have a decentralized architecture, and applying these validations is impossible as of now.
Password cannot be the same as the last x passwords
Reason: Same as point 1.
Username shouldn't be present in the password
Reason: As per our system, we allow the username to be changed, so this validation stands invalid.
Password should be governed by a configurable policy; the user must be forced to change his password after XX days, which should be configurable in the password policy.