The user security can be enhanced by adding the property mz.security.user.control.enabled
and setting the value to true
in values.yaml
before deployment.
By default this property is set to false
in Platform pod. When set to true
, additional rules for passwords are applied as soon as the Platform pod is restarted.
Password Rules
If enhanced user security is enabled, the default password rules are:
The password must:
Be at least eight characters long.
Include at least one special character and one that is either a number or capital letter.
The password must not:
Contain more than two identical characters in an uninterrupted sequence. Such as "aaa".
Include the username.
Be in alphabetical sequence, such as Abcd.
Be in numerical sequence, such as 1234.
Be in any US keyboard pattern, such as Qwerty.
Contain any whitespace.
Be identical to any of the recent twelve (minimum) passwords used for the user ID.
Info!
Repetitive characters that are not consecutively sequenced are still valid. Such as "adadad".
The password age properties will be applied:
The property
mz.security.max.password.age.admin
is set in platform.conf by default with the value of 30 days. This property is only applicable for users that are members of the Administrator access group.The property
mz.security.max.password.age.user
is set in platform.conf by default with the value of 90 days. This property is applicable for any other users that are not members of the Administrator access group.
Other Password Rules
If you have a custom password policy that you will want to include with the default policies listed above, you can modify or add new password rules with the Platform properties that are stated in the section Enhanced User Security Platform Properties of the Platform Properties (3.2).
0 Comments