The software release after version 1.00.17.213 adds the ability to enforce a password structure for users, as well as the ability to login using an email address rather than the usual 4-character userID.
Setup Details:
The new enhanced security features can be activated by adding a new environment variable.
ENV("ENHANCED_SECURITY")= XXXX, A, B, C, D, E
Once activated it can be used to specify:
XXXXX - If set to EMAIL forces users to login using the email address stored against their userID. If set to anything else, they login using their 4-character UserID.
A =Length: The password must be at least this length (e.g. 12 characters)
B=Numbers: The password must contain at least this many numbers (0-9).
C=Upper Case: The password must contain at least this many Upper Case letters.
D=lower case: The password must contain at least this many lower case letters.
E=Other: The password must contain at least this many Other (non Alpha numeric) such as #, @, !, etc.
Usage:
After activating the feature, the first time a user logs into the system, if their current password does not match the new policy they will be forced to create a new password which adheres to the requirements.
Followed by a screen where they must type their old password followed by the New password .
The system helpfully explains what the rules of password construction are.
Graeme Orchard
Comments