The security user control can be enhanced by adding the systemProperties mz.security.user.control.enabled=true
in values.yaml
before deployment. By default this property is set to false
in platform pod.
If set to true
a number of rules regarding the passwords apply as soon as the platform is restarted.
Password Rules
If enhanced user security is enabled, the default password rules are:
The password must:
Be at least eight characters long.
Include at least one special character and one that is either a number or capital letter.
The password must not:
Contain more than two identical characters in an uninterrupted sequence. Such as "aaa".
Include the username.
Be in alphabetical sequence, such as Abcd.
Be in numerical sequence, such as 1234.
Be in any US keyboard pattern, such as Qwerty.
Contain any whitespace.
Be identical to any of the recent twelve (minimum) passwords used for the user ID.
Repetitive characters that are not consecutively sequenced are still valid. Such as "adadad".
The password age properties will be applied:
The property mz.security.max.password.age.admin
is by default set in platform.conf with default value 30 days. This property is only applicable for administrators, i e users that are members of the Administrator group.
The property mz.security.max.password.age.admin
is also by default set in platform.conf with default value 90 days. This property is applicable for any other users that are not a members of Administrator group.
Other Password Rules
If you have a custom password policy that you will want to include with the default policies listed above, you can modify or add new password rules with the Platform properties that stated in section “Enhanced User Security Platform Properties“ Platform Properties (3.2)
Add Comment