Password policy settings (DBAuth) - j5 - 28.0 - Installation & Upgrade - Hexagon PPM

j5 Installation and Upgrade

Language
English (United States)
Product
j5
Search by Category
Installation & Upgrade
j5 Version
2019

The following configuration may be specified under the Password Policy Settings (DBAuth) node:

  • Maximum Login Attempts: Sets the maximum number of times a user can attempt to login before being locked out.

  • Maximum Password Age (Days): Sets the maximum age (in days) that a users password is valid for, before a change is required.

  • Password Expiry Warning (Days): Sets how long in advance a user should be warned about their password expiring (in days)

  • Password Strength (0 - 4): The minimum password strength that is required for a valid password. The options are:

    • 0: Password would take less than 1000 guesses to guess. (any password is valid)

    • 1: Password would take less than 1000000 guesses to guess.

    • 2: Password would take less than 100000000 guesses to guess.

    • 3: Password would take less than 10000000000 guesses to guess.

    • 4: Password would take more than 10000000000 guesses to guess.

j5 uses a Password Strength analyzer rather than specifying a rule based on the number of characters and requirements for a certain number of characters to be digits, punctuation etc. The reason for this is that such rules often fail to identify common weak passwords (such as Password1 or abc123) and so don’t give reliable estimates of whether a password is suitable or not. In order to help users enter a suitable password, feedback on the strength of the password is given interactively when setting the password. For further information on the zxcvbn algorithm used to determine password strength, refer to this technical presentation.