Enhanced User Security (3.3)

Owned by Jenni Wallin
Last updated: Aug 06, 2024 by Yeok Hong Ng (Deactivated)
1 min read

The user security can be enhanced by adding the property mz.security.user.control.enabled and setting the value to true in values.yaml before deployment.

By default, this property is set to false in Platform pod. When set to true, additional rules for passwords are applied as soon as the Platform pod is restarted.

Password Rules

If enhanced user security is enabled, the default password rules are:

  1. The password must:

    • Be at least eight characters long.

    • Include at least one special character and one that is either a number or capital letter.

  2. The password must not:

    • Contain more than two identical characters in an uninterrupted sequence. Such as "aaa".

    • Include the username.

    • Be in alphabetical sequence, such as Abcd.

    • Be in numerical sequence, such as 1234.

    • Be in any US keyboard pattern, such as Qwerty.

    • Contain any whitespace.

    • Be identical to any of the recent twelve (minimum) passwords used for the user ID.

Info!

Repetitive characters that are not consecutively sequenced are still valid. Such as "adadad".

  1. The password age properties will be applied:

    • The property mz.security.max.password.age.admin is set in platform.conf by default with the value of 30 days. This property is only applicable for users that are members of the Administrator access group.

    • The property mz.security.max.password.age.user is set in platform.conf by default with the value of 90 days. This property is applicable for any other users that are not members of the Administrator access group.

Other Password Rules

If you have a custom password policy that you will want to include with the default policies listed above, you can modify or add new password rules with the Platform properties.