 Link Technologies - LinkSOFT Documentation 
Configure Password Policy

Password Complexity

Password complexity rules increase security and help prevent data breaches. The following are recommended for a strong password:

  1. Passwords must be at least 8 characters in length.
  2. Passwords should contain both uppercase and lowercase alphabetic characters (e.g. A-Z, a-z).
  3. Passwords should have at least one numerical character (e.g. 0-9).
  4. Passwords should have at least one non-alphanumeric character (e.g. ~!@#$% ^&*()).

Password Settings

Configure the settings below under the "AspNetSqlMembershipProvider" section in the LinkWEB "web.config" file. Refer to Figure 1.

  1. MinRequiredPasswordLength - This defines the minimum length of a password. If the configuration value is 4, then:
    1. Password A, which is "ABC", will not be created.
    2. Password B, which is "ABCDE", will be created.
  2. MinRequiredNonalphanumericCharacters - This defines the minimum number of non-alphanumeric characters in a password. If the configuration value is 2, then:
    1. Password A, which is "A#C", will not be created.
    2. Password B, which is "A#CD!", will be created.
  3. MaxInvalidPasswordAttempts - This is the number of times a user can retry logging in before the user account is locked. For example, if the value is 3 and the user enters invalid details for the 4th time, the system will lock the user.
    1. An email notification is sent to the user when the user account gets locked.
    2. Configure the contents of the email in the "User Account Locked Out" template under "LinkWEB - Company Administration - Document Templates".
  4. PasswordAttemptWindow - This is the time in minutes after which the user account is unlocked.

Password Expiry
 
Password Expiry is a mechanism to make users change their passwords regularly. For example, passwords are set to expire in 90 days.
 
Steps to implement Password Expiry
 
  1. Navigate to "LinkWEB - Company Administration Processes".
  2. Search for process "SYS010 - Enforce Password Expiration"
    1. Configure the "Password Expiry Days" - This is the number of days after which the password will expire. The user will be forced to change the password on login after the configured number of days has passed.
  3. Enable the process.

Login Captcha

"Login Captcha" is a security measure that disallows robotic or scripted login.

  1. A "Security Code" is added to the "Login Page" when the user login fails.
  2. Users will need to enter the password and captcha to log in.

Figure 1: Configuration for Password Complexity

Additional password restrictions can be implemented using regex validation. Using the menu "Company Administration ~> Configuration", set the configuration flags shown below to add additional password validation.

  1. Flag: "PasswordValidationRegEx". This value is the regex used to validate the password. Examples:
    1. ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$  Min length 8, at least one letter and one number
    2. ^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$  Min length 8, at least one letter, one number and one special character
    3. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$  Min length 8, at least one uppercase letter, one lowercase letter and one number
    4. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$  Min length 8, at least one uppercase letter, one lowercase letter, one number and one special character
    5. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,10}$  Min length 8, Max length 10, at least one uppercase letter, one lowercase letter, one number and one special character
  2. Flag: "PasswordValidationErrorText". This value is displayed to the user if the password does not match the regex value.
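
The five example patterns above, run against constructed sample passwords to show that each pattern's final character class also limits which characters a password may contain. This is an added example, not part of the LinkSOFT documentation or product code; it assumes Python's re module treats these constructs the same way as the engine LinkSOFT uses, and the helper names and sample passwords are made up here.

```python
import re

# The five example values for "PasswordValidationRegEx", copied from this page.
PATTERNS = {
    1: r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$",
    2: r"^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$",
    3: r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$",
    4: r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$",
    5: r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,10}$",
}

# Constructed sample passwords (hypothetical, not from the page).
SAMPLES = [
    "abc12345",                  # lowercase letters and digits only
    "Abc12345",                  # mixed case and digits
    "Abc1234!",                  # mixed case, digit, '!' (listed everywhere)
    "Abc1234#",                  # '#' is listed in pattern 2 but not in 4 or 5
    "Abc1234-",                  # '-' is outside every allowed set
    "Abc1234!Abc1234!",          # 16 characters, over pattern 5's cap of 10
    "correct horse 9 Battery!",  # passphrase containing spaces
]


def accepted_by(password):
    """Return the sorted pattern numbers that accept the password."""
    return [n for n, p in sorted(PATTERNS.items()) if re.match(p, password)]


def rejected_char(pattern_no, password):
    """Return the first character outside the pattern's allowed set, or None."""
    # The last [...] class, the one carrying the {min,max} quantifier, is the
    # whitelist that every character of the password must belong to.
    allowed = re.search(r"(\[[^\]]+\])\{\d+,\d*\}\$$",
                        PATTERNS[pattern_no]).group(1)
    for ch in password:
        if not re.fullmatch(allowed, ch):
            return ch
    return None


if __name__ == "__main__":
    for pw in SAMPLES:
        hits = accepted_by(pw)
        why = {n: rejected_char(n, pw) for n in PATTERNS if n not in hits}
        print(f"{pw!r:28} accepted by {hits}; disallowed char: {why}")
```

Because a password using any character outside the chosen set is rejected, including a long passphrase with spaces, the "PasswordValidationErrorText" value should list the allowed characters.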

Note that new users will be validated against the configuration in the "Default Company" defined in the web.config. For authenticated users, the current company context configuration values will be used.