Answered

password minimum length for PROOF accounts

What is the current password minimum length for PROOF accounts? If it is not 15 currently, any way to increase it now? Thx


Official comment

Rex Feizi

Stephen, 

Generally, such requirements are handled by LDAP. We provide LDAP integration as well as SAML in the near future. 

Hence, the above requirements will be handled once eRA integrates Subject7 with its LDAP through SAML. 

Hope this helps. 

 

--Rex

Joseph Hamdan

Hi Stephen,

Yes, the site admin can perform this change and the default is 8 digits. Here are the steps:

  1. Go to /admin and log in

  2. Go to User Management → Password Policy

  3. Select the account you need using the checkbox in the left panel of the opened tab

  4. Click the Load button in the toolbox. As a result, all 3 text areas will be filled with the password rules for the given account

  5. The password validation regular expression will look like this:

    (?!.*[А-я])(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\p{Punct}])(?=\S+$).{8,}$

  6. Replace 8 in the regular expression with the number of desired digits for passwords

  7. Update the text areas "Weak password alert" and "Password rules description" so that the warnings display an accurate message according to the rules you selected

  8. Click Save with the required account selected

Regards,

Subject7 Team
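
An added example, not part of the original thread or Subject7's own code: a Python check of the regular expression from step 5 with a different minimum length, for trying a new value against sample passwords before saving it. It assumes `\p{Punct}` means the ASCII punctuation characters and that the regex is applied from the start of the password; the function names and sample passwords are constructed here.

```python
import re
import string

# Assumption: \p{Punct} is the 32 ASCII punctuation characters (its default
# meaning in Java); Python's re has no \p{...}, so the class is spelled out.
PUNCT = "[" + re.escape(string.punctuation) + "]"


def policy_rules(min_len):
    """The page's regex split into named parts, with min_len replacing 8."""
    return [
        ("no Cyrillic letters", r"(?!.*[А-я])"),
        ("at least one digit", r"(?=.*\d)"),
        ("at least one lowercase a-z", r"(?=.*[a-z])"),
        ("at least one uppercase A-Z", r"(?=.*[A-Z])"),
        ("at least one punctuation character", rf"(?=.*{PUNCT})"),
        ("no whitespace", r"(?=\S+$)"),
        (f"at least {min_len} characters", rf".{{{min_len},}}$"),
    ]


def is_valid(password, min_len):
    """Apply the full regex from the start of the password (assumed usage)."""
    full = "".join(part for _, part in policy_rules(min_len))
    return re.match(full, password, re.ASCII) is not None


def failed_rules(password, min_len):
    """Names of the parts a candidate breaks; useful for the alert texts."""
    return [name for name, part in policy_rules(min_len)
            if re.match(part, password, re.ASCII) is None]


# Constructed sample candidates, not real credentials.
SAMPLES = ["Summer2024!", "Tr0ub4dor&3-extra-long", "correct horse Battery 9!"]

if __name__ == "__main__":
    for min_len in (8, 15):
        for pw in SAMPLES:
            print(min_len, repr(pw), is_valid(pw, min_len),
                  failed_rules(pw, min_len))
```

Because of the `(?=\S+$)` part, a candidate containing a space fails at any minimum length.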

Stephen Akinpelumia

Thank you, once I make the change; would all existing users' passwords still be valid and active?

Joseph Hamdan

Hi Stephen,

You are most welcome. No, this change will not affect the existing users, it will only affect the below:

  • creating a new user
  • changing password

Regards,

Subject7 Team

Stephen Akinpelumia

Thanks Joseph, one more question; is there a way via PROOF/Admin for me to know if a PROOF account's password has been recently changed? Thanks.

 

Stephen Akinpelumia

sorry, more questions :) ... does the current implementation of PROOF (8.18.5.1038) allow for these additional account password settings below..

  1. Should provide automated assistance for users in selecting strong passwords
  2. Passwords must be changed at least every 365 days but no more than once a day
  3. Users must be allowed to choose passphrases with spaces and printable characters
  4. Passwords can’t match any of the 10 previous versions