Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The security user control can be enhanced by adding the systemProperties mz.security.user.control.enabled=true in values.yaml before deployment. By default this property is set to false in platform pod.

If set to true a number of rules regarding the passwords apply as soon as the platform is restarted.

...

Password Rules

If enhanced user security is enabled, the default password rules are:

  1. The password must:

  • Be at least eight characters long.

  • Include at least one special character and one that is either a number or capital letter.

  1. The password must not:

  • Contain more than two identical characters in an uninterrupted sequence. Such as "aaa".

  • Include the username.

  • Be in alphabetical sequence, such as Abcd.

  • Be in numerical sequence, such as 1234.

  • Be in any US keyboard pattern, such as Qwerty.

  • Contain any whitespace.

  • Be identical to any of the recent twelve (minimum) passwords used for the user ID.

Info

Repetitive characters that are not consecutively sequenced are still valid. Such as "adadad".

  1. The password age properties will be applied:

The property mz.security.max.password.age.admin is by default set in platform.conf and with default value is 30 days. This property is only applicable for administrators, i e users that are members of the Administrator group.

The default password age for other users is 90 days.property mz.security.max.password.age.admin is also by default set in platform.conf with default value 90 days. This property is applicable for any other users that are not a members of Administrator group.

Other Password Rules

If you have a custom password policy that you will want to include with the default policies listed above, you can use the mz.security.user.control.password.extra properties.

...