Versions Compared

Old Version 4

changes.mady.by.user Chooi San Chong

Saved on

compared with

New Version Current

changes.mady.by.user Yeok Hong Ng (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The user security user control can be enhanced by adding the systemProperties the property mz.security.user.control.enabled in  and setting the value to true in values.yaml before deployment.

By default, this property is set to false in Platform pod. If When set to true a number of rules regarding the passwords apply , additional rules for passwords are applied as soon as the platform Platform pod is restarted.

...

Password Rules

If enhanced user security is enabled, the default password rules are:

  1. The password must:

    • Be at least eight characters long.

    • Include at least one special character and one that is either a number or capital letter.

  2. The password must not:

    • Contain more than two identical characters in an uninterrupted sequence. Such as "aaa".

    • Include the username.

    • Be in alphabetical sequence, such as Abcd.

    • Be in numerical sequence, such as 1234.

    • Be in any US keyboard pattern, such as Qwerty.

    • Contain any whitespace.

    • Be identical to any of the recent twelve (minimum) passwords used for the user ID.

Info

Info!

Repetitive characters that are not consecutively sequenced are still valid. Such as "adadad".

  1. The

...

If you have a custom password policy that you will want to include with the default policies listed above, you can use the mz.security.user.control.password.extra properties.

You can modify the password rules with the following Platform properties:

All properties listed below is only applicable when the value of mz.security.user.control.enabled is set to true.

Property

Description

mz.security.max.password.age.enabled

Default value: false

Enables or disables the password expiration check.  This property is only applicable when mz.security.user.control.enabled is also set to true.

If both properties above are set to true, user is required to change password every N days set in mz.security.max.password.age.admin and mz.security.max.password.age.user.

mz.security.max.password.age.admin

Default value: 30

The maximum password age for administrator users in days.

Please refer mz.security.max.password.age.enabled column.

mz.security.max.password.age.user

Default value: 90

The maximum password age for users in days.

Please refer mz.security.max.password.age.enabled column.

mz.security.max.password.history

Default value: 12

The maximum amount of recent passwords to retain for a user ID, to prevent the same password from being reused.

mz.security.user.control.password.numcaps.count

Default value: 1

The minimum number of upper case characters  or number of numerical characters, in a password.

mz.security.user.control.password.numcaps.message

Default value: The password needs at least one capital letter or a number in it.

The message to be displayed for the user when they have not met the condition for the minimum number of upper case or numerical characters in the password.

mz.security.user.control.password.numcaps.pattern

Default value: [A-Z0-9]

The pattern of the permitted values in regular expression. The password will be matched to the pattern to determine if the condition is met.

mz.security.user.control.password.length.count

Default value: 8

The minimum total number of characters in a password.

mz.security.user.control.password.length.message

Default value: The password needs to be at least 8 characters.

The message to be displayed for the user when they have not met the condition for the minimum length of the password.

mz.security.user.control.password.lowercase.count

Default value: ""

The minimum total number of lowercase characters in a password.

mz.security.user.control.password.uppercase.count

Default value: ""

The minimum total number of uppercase characters in a password.

mz.security.user.control.password.number.count

Default value: ""

The minimum total number of numeric characters in a password.

mz.security.user.control.password.special.count

Default value: 1

The minimum number of special characters, in a password.

mz.security.user.control.password.special.message

Default value: The password needs to contain at least 1 special character(s).

The message to be displayed for the user when they have not met the condition for the minimum number of special characters in the password.

mz.security.user.control.password.special.pattern

Default value: [\\W_]

The pattern of the permitted values in regular expression. The password will be matched to the pattern to determine if the condition is met.

mz.security.user.control.password.repetition.message

Default value: The password contains too many consecutive identical characters.

The message to be displayed for the user when they have not met the condition for the password having the least amount of multiple repeated characters in a sequence.

mz.security.user.control.password.username.message

Default value: The username may not be a part of the password.

The message to be displayed for the user when they have the username contained withing the password.

mz.security.user.control.password.history.message

Default value: The password may not be a recently used password.

The message to be displayed for the user when they are reusing a password that they have used before.

mz.security.user.control.password.extra.count

Default value: ""

The minimum number of characters for the extra user policy.

mz.security.user.control.password.extra.message

Default value: ""

The message to be displayed for the user when they did not meet the requirements of the extra user policy.

mz.security.user.control.password.extra.pattern

Default value: ""

The pattern of the permitted values. The password will be matched to the pattern to determine if the condition is met.

mz.security.user.control.password.extra.type

Default value: ""

The type that determines what the extra pattern will be. The value of this property can be set to regexp or none. Setting it to regexp ensures that the pattern has to conform to regular expressions..

...

  1. password age properties will be applied:

    • The property mz.security.max.password.age.admin is set in platform.conf by default with the value of 30 days. This property is only applicable for users that are members of the Administrator access group.

    • The property mz.security.max.password.age.user is set in platform.conf by default with the value of 90 days. This property is applicable for any other users that are not members of the Administrator access group.

Other Password Rules

If you have a custom password policy that you will want to include with the default policies listed above, you can modify or add new password rules with the Platform properties that are stated in the section Enhanced User Security Platform Properties of the Platform Properties (3.2).