Company: Link Technologies
Case No: L12825. Project: 14.40: LinkSOFT Version 14.40 - February 2023
Logged By: Vineshwar Prasad (Edge Business Solutions) on 05 Dec 2022 09:28AM
Priority: High
Product: Framework
Group: Enhancement
Time Taken: 36.00 (Weight: 2.00)
Assigned To: Development
Circulation: Development, Sanjay, Vineshwar Prasad
Resolve By: Friday, 20 January 2023 05:34 PM [500 days since logged date]
Status: Closed
Subject: Password Policy to include more complexity
Summary:    Comply with clients Password Policy Request in LInkSOFT

The following are the requirements;
  1. The password must be, at least, 8 characters long
  2. The password must include, at least, an upper case, lower case, numeric and special character
Audit Notes:Edited by sanjay on 18/01/23 13:35. Edited by sanjay on 18/01/23 09:37. Edited by sanjay on 12/01/23 09:59. Edited by sanjay on 12/01/23 09:57. Edited by sanjay on 12/12/22 14:45. Edited by vineshwar on 05/12/22 09:28. 
25 Nov 202211:22AM Comment 1 by Vineshwar Prasad (Edge Business Solutions) Assigned To: Vineshwar Prasad (Edge Business Solutions) Followup Date: 30-11-2022 11:04 AM Time Taken: 1.00 Notes: Edited by sanjay on 18/01/23 13:36. Edited by vineshwar on 25/11/22 11:29. ETC extended from: 22/11/2022 to 30/11/2022
Bula,

We have a discussion with our development team on Monday 21/11/22 and the following was advised;
  1. The system can currently handle the 8 Characters Long Password Enforcement via the Web Config File [minRequiredPasswordLength]
  2. The system can currently handle the Special Character Password Enforcement via the Web Config File [minRequiredNonalphanumericCharacters]
  3. The system can currently handle the Numeric Character Password
  4. The system can currently handle the Lower Case Character Password
  5. The system can currently handle the Upper Case Character Password
We will look at the following option internally and advise;
  1. The system to Enforce the minimum requirement for this in the Password - Numeric Character
  2. The system to Enforce the minimum requirement for this in the Password - Upper Case
  3. The system to Enforce the minimum requirement for this in the Password - Lower Case
Regards
Vineshwar Prasad

01 Dec 202201:25PM Comment 2 by Jessica Lum (Coca-Cola Europacific Partners Fiji Pte Limited) Assigned To: Sanjay (Link Technologies) Followup Date: 02-12-2022 01:25 PM Notes: Edited by vineshwar on 05/12/22 09:27. Comment entered from the WEB using email sent to: Jessica.Lum@ccamatil.com

Case transferred to Development


12 Jan 202309:59AM Comment 3 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 31-01-2023 01:57 PM Time Taken: 1.00 Notes: Edited by sanjay on 18/01/23 13:37. 
** Email ***
Vineshwar Prasad <vineshwar@edgebizsolutions.com> Fri, 18 Nov 2022, 09:24 to Jessica, Daniel, Rahul, Sitla-Edge, Alberto, me, Rizwan, Frank, Amita, Faaris, Marta, Kristen, Teri, Ander, Don, Lillian, Tim

Hi Jessica,

I'm getting the requirements verified with my team as some request is already supported. Will update you soon after the discussion.

Also to add to this security, we already have Two-Factor Authentication as below;
  1. Two-Factor Authentication - Using Email" is enabled, the system sends an email to the user's registered email address with a security code.
  2. Two-Factor Authentication - Using Authenticator App" is enabled, use the code from the authenticator app.
You can get more details on this link.

Regards

Vineshwar

12 Jan 202309:59AM Comment 4 by Sanjay (Link Technologies) ETC was changed from 30/11/2022 to 31/01/2023
12 Jan 202309:59AM Comment 5 by Sanjay (Link Technologies) Case L12825 added to project 14.40
18 Jan 202301:35PM Comment 6 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 20-01-2023 05:34 PM Time Taken: 22.00 Notes: Edited by sanjay on 31/01/23 16:02. ETC extended from: 31/01/2023 to 20/01/2023
PART A - Development work for this case has been completed.

1. The change will be available in version: 14.40

2. The following changes were made(Include Database object names, Program classes, and any other relevant information):

  1. Added configuration values for RegEX settings and Error Text
  2. Implemented additional Password complexity for new users. Details are at this link.

3. Affected Areas:

  1. Create new user

4. The issue was caused by:

  1. Improvement

5. Other Relevant Notes
6. Next Step
 (Review and System Test (Developer) -> UAT (Quality) -> Documentation):


PART B -
 Development Reference (Place descriptor for objects changed)
:

Additional password restrictions can be implemented using RegEX validation. Using the menu "Company Administration ~> Configuration" set the configuration shown below to add additional password validation.

  1. Flag: "PasswordValidationRegEx". This value is the RegEX used to validate the password. Example:
    1. ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$ Min length 8, at least one letter and one number
    2. ^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$ Min length 8, at least one letter, one number and one special character
    3. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$ Min length 8, at least one uppercase letter, one lowercase letter and one number
    4. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$ Min length 8, at least one uppercase letter, one lowercase letter, one number and one special character
    5. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,10}$ Min length 8, Max length 10, at least one uppercase letter, one lowercase letter, one number and one special character
  2. Flag: "PasswordValidationErrorText". This value is displayed to the user if the complexity does not match the Regex value.

Note that new users will be validated against the configuration in the "Default Company" defined in the web.config. For authenticated users, the current company context configuration values will be used.


26 Jan 202310:09AM Comment 7 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 01-02-2023 01:59 PM Time Taken: 12.00
The following tests were performed:

Table 1 - Test Results

Change Configuration for the following and verify the password is enforced:
Flag: "PasswordValidationRegEx".

  1. ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$ Min length 8, at least one letter and one number. Pass
  2. ^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$ Min length 8, at least one letter, one number and one special character. Pass 
  3. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$ Min length 8, at least one uppercase letter, one lowercase letter and one number. Pass
  4. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$ Min length 8, at least one uppercase letter, one lowercase letter, one number and one special character. Pass 
  5. ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,10}$ Min length 8, Max length 10, at least one uppercase letter, one lowercase letter, one number and one special character. Pass 

Environment Details
  1. OS version: Win11
  2. Application version: 14.40
  3. Setup on:
    1. Server: LinkQA4
    2. Database: LinkSOFT
    3. LinkSOFT URL: HTTP://LinkQA4/LinkSOFT
  4. Login Details: Standard username and password for user "admin"

Next Step: Closure


If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L12825 in the subject line of all emails regarding this issue.

Document size: 12.3 KB
For call complaints, please contact the Managing Director of the company using this form