Enhanced User Security

User security can be enhanced by adding the property mz.security.user.control.enabled to values.yaml and setting its value to true before deployment.

By default, this property is set to false in the Platform pod. When it is set to true, additional password rules are applied as soon as the Platform pod is restarted.

Password Rules

If enhanced user security is enabled, the default password rules are:

  1. The password must:

    • Be at least eight characters long.

    • Include at least one special character and one character that is either a number or a capital letter.

  2. The password must not:

    • Contain more than two identical characters in an uninterrupted sequence, such as "aaa".

    • Include the username.

    • Be in alphabetical sequence, such as Abcd.

    • Be in numerical sequence, such as 1234.

    • Be in any US keyboard pattern, such as Qwerty.

    • Contain any whitespace.

    • Be identical to any of the twelve (minimum) most recent passwords used for the user ID.

Info!

Repetitive characters that are not consecutively sequenced are still valid, such as "adadad".

  3. The password age properties will be applied:

    • The property mz.security.max.password.age.admin is set in platform.conf by default, with a default value of 30 days. It applies only to users who are members of the Administrator access group.

    • The property mz.security.max.password.age.admin is also set in platform.conf by default, with a default value of 90 days. It applies to all users who are not members of the Administrator access group.
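
The "must" and "must not" rules above can be written as a pre-check that reports every violated rule, shown here as an added Python example that is not the product's own implementation. The name check_password, the four-character threshold for sequences and keyboard patterns, substring matching, and case-insensitive comparison are assumptions; the page does not state them.

```python
import re

# Assumptions (not stated on the page): a run of 4 or more characters counts
# as a sequence or keyboard pattern, runs are matched anywhere in the
# password, and sequence/username comparisons ignore case.
MIN_RUN = 4
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # US layout letter rows


def _has_run(pw, source, n=MIN_RUN):
    """True if pw contains any n-character window of source."""
    return any(source[i:i + n] in pw for i in range(len(source) - n + 1))


def check_password(password, username, recent_passwords=()):
    """Return the list of violated default rules; an empty list means accepted.

    recent_passwords is a plaintext list only to keep the example short;
    a real system compares against stored password hashes.
    """
    low = password.lower()
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    if not re.search(r"[0-9A-Z]", password):
        problems.append("no number or capital letter")
    if re.search(r"(.)\1\1", password):  # three identical characters in a row
        problems.append("more than two identical characters in a row")
    if username and username.lower() in low:
        problems.append("contains the username")
    if _has_run(low, "abcdefghijklmnopqrstuvwxyz"):
        problems.append("alphabetical sequence")
    if _has_run(low, "0123456789"):
        problems.append("numerical sequence")
    if any(_has_run(low, row) for row in KEYBOARD_ROWS):
        problems.append("US keyboard pattern")
    if re.search(r"\s", password):
        problems.append("contains whitespace")
    if password in recent_passwords:
        problems.append("matches a recent password")
    return problems
```

Returning all violations at once, rather than stopping at the first, lets a password-change form tell the user everything that needs fixing in a single attempt.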

Other Password Rules

If you have a custom password policy that you want to apply alongside the default rules listed above, you can modify or add password rules using the Platform properties described in the section Enhanced User Security Platform Properties of the Platform Properties.