Password policy settings (DBAuth) - j5 - 28.0 - Installation & Upgrade - Hexagon

j5 Installation and Upgrade


The following configuration settings are available on the Password Policy Settings (DBAuth) node:

  • Maximum Login Attempts: Sets the maximum number of times a user can attempt to sign in before they are locked out.

  • Maximum Password Age (Days): Sets the maximum number of days for which a user password is valid. Each password must be updated after this many days. When the time since the password was last changed exceeds the Maximum Password Age, the password expires and must be reset by an Administrator.

  • Password Expiry Warning (Days): Sets how many days in advance a user is warned that their password is about to expire. When the password is in the “warning window” (that is, the time since the last password change is greater than the Maximum Password Age minus the Password Expiry Warning days), a warning is shown to the user when they sign in.

  • Password Strength (0 - 4): The minimum password strength that is required for a valid password. The options are:

    • 0: The password would take fewer than 1000 guesses to crack (any password is valid).

    • 1: The password would take fewer than 1000000 guesses to crack.

    • 2: The password would take fewer than 100000000 guesses to crack.

    • 3: The password would take fewer than 10000000000 guesses to crack.

    • 4: The password would take more than 10000000000 guesses to crack.
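
The sketch below shows how the four settings above interact when a user signs in or sets a password. It is an added example, not j5's own code. Policy, strength_level, password_acceptable and sign_in_state are hypothetical names; locking once failures reach the maximum, checking lockout before expiry, and giving a guess count that sits exactly on a boundary the higher level are assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass
from datetime import date, timedelta

# Guess-count boundaries between strength levels 0-4, as listed on this page.
# Assumption: a count exactly on a boundary gets the higher level.
STRENGTH_BOUNDS = [10**3, 10**6, 10**8, 10**10]

@dataclass
class Policy:  # hypothetical container for the four settings on this node
    max_login_attempts: int
    max_password_age_days: int
    expiry_warning_days: int
    min_strength: int

def strength_level(guesses: int) -> int:
    """Map an estimated guess count to the 0-4 strength scale."""
    return bisect_right(STRENGTH_BOUNDS, guesses)

def password_acceptable(policy: Policy, guesses: int) -> bool:
    return strength_level(guesses) >= policy.min_strength

def sign_in_state(policy, failed_attempts, last_changed, today):
    """Return 'locked', 'expired', 'warning' or 'ok'."""
    # Assumptions: lock when failures reach the maximum; lockout wins over expiry.
    if failed_attempts >= policy.max_login_attempts:
        return "locked"
    age = (today - last_changed).days
    if age > policy.max_password_age_days:
        return "expired"  # needs an Administrator reset
    # Clamp so a warning period longer than the maximum age cannot go negative.
    warn_from = max(policy.max_password_age_days - policy.expiry_warning_days, 0)
    if age > warn_from:
        return "warning"
    return "ok"

if __name__ == "__main__":
    policy = Policy(5, 90, 14, 3)  # constructed sample values
    changed = date(2024, 1, 1)
    for days in (76, 77, 90, 91):
        print(days, sign_in_state(policy, 0, changed, changed + timedelta(days)))
    print(sign_in_state(policy, 5, changed, changed))
    for guesses in (999, 10**6, 10**9, 10**10):
        print(guesses, strength_level(guesses), password_acceptable(policy, guesses))
```

With a 90-day maximum age and a 14-day warning, the warning first appears on day 77 and the password expires on day 91, because both comparisons on this page are strict ("bigger than").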

j5 uses a password strength analyzer rather than a composition rule (a minimum number of characters, with a required number of digits, punctuation characters, and so on). Such rules often fail to identify common weak passwords (such as Password1 or abc123), so they do not give a reliable estimate of whether a password is suitable. To help users choose a suitable password, feedback on the strength of the password is given interactively while the password is being set.

For further information on the zxcvbn algorithm used to determine password strength, refer to this technical presentation.