
Strong Passwords

By Patrick Bracken | July 6, 2015

Release 2015.6.2.110 adds the option to require strong passwords for all users when logging into the application.

Basic Info

The option to use strong passwords is configured in the web.config file by setting the UseStrongPassword value to either Y for yes or N for no.

A strong password must be at least 8 characters long and consist of the following: lower case letters, upper case letters, and one other type of character such as numbers. The minimum length of 8 characters can be made longer by setting the PasswordMinLength value higher. This is also configured in the web.config file. When a user changes their password, the new password must be different from their current password. The new password does not have to be unique every time it is changed, but it cannot be the same as the one that is currently expiring or being changed.

If an admin either creates a new user, or sets a new password for a user, the user has 45 days to reset their password before the password for that account expires.

As an added security measure, a user must always type in the Company ID when logging in if strong passwords are enabled.

Expiration Days

Two other values can be configured when strong passwords are in use. The first, PasswordExpirationDays, sets how long a new password is valid before it expires again. This value is the number of days the expiration date is moved out when the user changes their password.

Warning Days

The other value that can be set when using strong passwords is PasswordWarningDays. This value determines the number of days' notice a user gets that their password is going to expire. If the expiration date falls within this period of days, a warning pops up at login telling the user how many days they have until their password expires. At this time, the user may change their password or click OK to simply log in. If they do not change their password at that time, they will be prompted with the warning again the next time they log in. If the expiration date passes and the password has not been changed, the user must change their password before they are able to continue logging in and using Syntelic.
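
The password rules and the expiration and warning behavior described above, written as a small Python model. This is an added illustration, not Syntelic's own code; the function names, the 90-day and 14-day sample values, and the boundary choices marked as assumptions in the comments are not from this page.

```python
import datetime as dt

# Constructed sample values; a real deployment reads its own from web.config.
PASSWORD_MIN_LENGTH = 8
PASSWORD_EXPIRATION_DAYS = 90
PASSWORD_WARNING_DAYS = 14
ADMIN_SET_DAYS = 45  # fixed period the page gives for admin-created or admin-set passwords


def password_problems(new, current, min_length=PASSWORD_MIN_LENGTH):
    """Return the rule violations for a proposed password; an empty list means accepted."""
    problems = []
    if len(new) < max(min_length, 8):  # assumption: 8 acts as a floor that can only be raised
        problems.append("too short")
    if not any(c.islower() for c in new):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in new):
        problems.append("no upper case letter")
    # Assumption: "one other type of character" is read as any non-letter.
    if all(c.isalpha() for c in new):
        problems.append("no non-letter character")
    # Assumption: the change form supplies the current password, so both values
    # are in memory here; nothing is compared against a stored plaintext.
    if new == current:
        problems.append("same as current password")
    return problems


def next_expiration(changed_on, admin_set=False, expiration_days=PASSWORD_EXPIRATION_DAYS):
    """Expiration date after a password is set by the user or by an admin."""
    return changed_on + dt.timedelta(days=ADMIN_SET_DAYS if admin_set else expiration_days)


def login_state(expires_on, today, warning_days=PASSWORD_WARNING_DAYS):
    """Return (state, days_left): 'ok', 'warn' (user may click OK) or 'must_change'."""
    days_left = (expires_on - today).days
    if days_left < 0:  # the expiration date has passed
        return "must_change", days_left
    if days_left <= warning_days:  # assumption: the warning window is inclusive
        return "warn", days_left
    return "ok", days_left


if __name__ == "__main__":
    today = dt.date(2015, 7, 6)
    print(password_problems("summer2015", "Winter2014"))
    print(login_state(next_expiration(today, admin_set=True), today + dt.timedelta(days=40)))
```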
