Company: Link Technologies
Case No: L07143. Project: 07.50: LinkSOFT Version 7.5
Logged By: Rashna (Edge Business Solutions) on 01 Oct 2015 09:27AM
Priority: Medium
Product: Payroll & HR
Group: Change Request
Time Taken: 7.00 (Weight: 7.00)
Version: 07.500.0904
Assigned To: Sanjay (Link Technologies)
Circulation: Alvis, AwaitingApproval, Development, Rashna, Sanjay
Resolve By: Friday, 11 December 2015 12:00 AM [3129 days since logged date]
Status: Closed
Subject: Enforce use of special characters in passwords when registering on Web applications
Summary:    
A request was made by XXXXX to enforce passwords to be 8 Characters long and contain Special characters.

Requirments

The existing XXXXX Password Policy requires that all passwords be at least 8 characters long. It must also contain numbers, punctuation and letters (both upper and lowercase) and must anything that can be easily guessed or deduced by potential attackers based on the users personal, family, social, academic or work circumstances.

Action Taken

As advised I had set had set the minimum length as 8 and minimum nonalphacharacters as 2 in the web config file.


When registering

  • Tried to create a user with password as 12 - system did not allow create user. Message - Invalid Password
  • Tried to create a user with password as supergirl - system did not allow create user .  Message - InvalidPassword.
  • User was created successfully with password as 78#$abcd.

Change - Alter the message to instruct user to include special characters when registering.





Audit Notes:
02 Dec 201512:15PM Comment 1 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00
Allovcated to patch 1 for Helpdesk

03 Dec 201504:24PM Comment 2 by Sanjay (Link Technologies) Assigned To: Alvis (Link Technologies) Followup Date: 11-12-2015 12:00 AM Time Taken: 3.00

Hi Alvis,

I have changed the registration process to display the NON Alpha Numeric characters. Please change LT_SYS_Module version to 7.5.0.8 and assign to Rashna to validate.

Screenshot of message expected below.

Figure 1: Message showing password strength settings.


04 Dec 201510:46AM Comment 3 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00
Completed. Included RM site files to patch 8.

04 Dec 201511:03AM Comment 4 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00

I have changed the password requirments to be:

             minRequiredPasswordLength="6" 
             minRequiredNonalphanumericCharacters="1" 

The message displayed on registration is: Passwords must be a minimum of 6 characters in length.1 NON Alpha Numeric character(s) required. 

When I create a user with password combinations: 12345a, 123456a, A12345

Message is thrown as: Registration failed! message is: InvalidPassword



04 Dec 201511:09AM Comment 5 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00
Tested. pass.

If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L07143 in the subject line of all emails regarding this issue.

Document size: 2.7 KB
For call complaints, please contact the Managing Director of the company using this form