Subject: | Enforce use of special characters in passwords when registering on Web applications |
Summary: | A request was made by XXXXX to enforce passwords to be 8 Characters long and contain Special characters.
Requirements
The existing XXXXX Password Policy requires that all passwords be at least 8 characters long. It must also contain numbers, punctuation and letters (both upper and lowercase) and must not be anything that can be easily guessed or deduced by potential attackers based on the user's personal, family, social, academic or work circumstances.
Action Taken
As advised, I had set the minimum length as 8 and minimum nonalphacharacters as 2 in the web config file.
When registering:
- Tried to create a user with password as 12 - system did not allow creating the user. Message - Invalid Password
- Tried to create a user with password as supergirl - system did not allow creating the user. Message - InvalidPassword.
- User was created successfully with password as 78#$abcd.
Change - Alter the message to instruct user to include special characters when registering.
|
Audit Notes: | |
02 Dec 2015 | 12:15PM Comment 1 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00 |
| Allocated to patch 1 for Helpdesk |
|
03 Dec 2015 | 04:24PM Comment 2 by Sanjay (Link Technologies) Assigned To: Alvis (Link Technologies) Followup Date: 11-12-2015 12:00 AM Time Taken: 3.00 |
| Hi Alvis, I have changed the registration process to display the NON Alpha Numeric characters. Please change LT_SYS_Module version to 7.5.0.8 and assign to Rashna to validate. Screenshot of message expected below. Figure 1: Message showing password strength settings. |
|
04 Dec 2015 | 10:46AM Comment 3 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00 |
| Completed. Included RM site files to patch 8. |
|
04 Dec 2015 | 11:03AM Comment 4 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00 |
| I have changed the password requirements to be: minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="1" The message displayed on registration is: Passwords must be a minimum of 6 characters in length.1 NON Alpha Numeric character(s) required. When I create a user with password combinations: 12345a, 123456a, A12345 Message is thrown as: Registration failed! message is: InvalidPassword
|
|
04 Dec 2015 | 11:09AM Comment 5 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 11-12-2015 12:00 AM Time Taken: 1.00 |
| Tested. pass. |
|
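The registration tests in the Action Taken section and in Comment 4 can be replayed against a small model of the two settings, next to the character-class rules of the written policy. This is an added example, not code from the ticket or the product: the function names are hypothetical, and counting every non-letter, non-digit character as "non-alphanumeric" is an assumption about how the setting is evaluated.

```python
import string

def membership_check(pw, min_len, min_nonalnum):
    """Model of the two web.config settings quoted in the ticket:
    minRequiredPasswordLength and minRequiredNonalphanumericCharacters.
    Assumption: a character counts if it is neither a letter nor a digit."""
    nonalnum = sum(1 for ch in pw if not ch.isalnum())
    return len(pw) >= min_len and nonalnum >= min_nonalnum

def policy_gaps(pw, min_len=8):
    """Character-class rules from the Requirements section.
    Returns the rules the password misses; the 'not easily guessed'
    rule is not modelled here."""
    gaps = []
    if len(pw) < min_len:
        gaps.append("length")
    if not any(c.isdigit() for c in pw):
        gaps.append("number")
    if not any(c in string.punctuation for c in pw):
        gaps.append("punctuation")
    if not any(c.islower() for c in pw):
        gaps.append("lowercase")
    if not any(c.isupper() for c in pw):
        gaps.append("uppercase")
    return gaps

# Passwords tried in the ticket, paired with the settings in force
# for that test: (password, minimum length, minimum non-alphanumeric).
TESTS = [
    ("12", 8, 2), ("supergirl", 8, 2), ("78#$abcd", 8, 2),
    ("12345a", 6, 1), ("123456a", 6, 1), ("A12345", 6, 1),
]

def report():
    """One row per test: (password, accepted by settings, policy gaps)."""
    return [(pw, membership_check(pw, n, k), policy_gaps(pw))
            for pw, n, k in TESTS]

if __name__ == "__main__":
    for pw, ok, gaps in report():
        verdict = "accepted" if ok else "InvalidPassword"
        print(f"{pw!r:12} settings: {verdict:16} policy gaps: {gaps}")
```

The model reproduces every result recorded in the ticket, and it also shows that 78#$abcd satisfies the two settings while missing the policy's uppercase rule, which length and non-alphanumeric counts alone cannot enforce.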