User Management Security Policy
Applications Manager supports a user management security policy for password validation.
Validation:
- Password should not be the same as, or part of, your login name
- Password length should not be less than 8 characters
- Password length should not be greater than 255 characters
- Password should contain at least 1 numeric character
- Password should contain at least 1 special character
- Password should contain both uppercase and lowercase characters
- Password should not be the same as your last 4 passwords
- Password validation should be done on both the server side and the client side.
Client side validation:
- Check for password length - should not be less than 8 characters
- Check for password length - should not be greater than 255 characters
- Check for password - should contain at least 1 numeric character
- Check for password - should contain at least 1 special character
- Check for password - should contain both uppercase and lowercase characters
- Check for password - should not be the same as, or part of, your login name
Server side validation:
The validation listed above is for the client side. It is also done on the server side. If client-side validation fails because of some malicious action (such as truncating the password), server-side validation must still happen before any change is made to the password.
- Check for password - should not be the same as your last 4 passwords
- Check for password - should contain at least 1 numeric character
- Check for password - should contain at least 1 special character
- Check for password - should contain both uppercase and lowercase characters
- Check for password - should not be the same as, or part of, your login name
- Password should not have more than three consecutive characters from the previous password
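The server-side checks listed above can be sketched as follows. This is an added example, not Applications Manager code: the function names, the PBKDF2 storage scheme, treating "special character" as ASCII punctuation, and the case-insensitive login comparison are assumptions. It also assumes the change-password form supplies the current password, so the consecutive-character rule can be checked without storing plaintext.

```python
import hashlib, hmac, os, string

MIN_LEN, MAX_LEN, HISTORY_DEPTH, MAX_SHARED_RUN = 8, 255, 4, 3

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 (assumed storage scheme)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def longest_shared_run(a, b):
    """Length of the longest run of consecutive characters common to a and b."""
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, 1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def validate_password(login, new_pw, current_pw, history):
    """Return the list of violated rules; an empty list means acceptable.
    history: (salt, digest) pairs of stored passwords, newest last."""
    if len(new_pw) > MAX_LEN:
        # Reject before hashing or comparing, so oversized input costs nothing.
        return ["too_long"]
    errors = []
    if len(new_pw) < MIN_LEN:
        errors.append("too_short")
    if not any(c.isdigit() for c in new_pw):
        errors.append("no_digit")
    if not any(c in string.punctuation for c in new_pw):  # assumed "special" set
        errors.append("no_special")
    if not (any(c.isupper() for c in new_pw) and any(c.islower() for c in new_pw)):
        errors.append("no_mixed_case")
    if new_pw.lower() in login.lower():  # same as, or part of, the login name
        errors.append("in_login_name")
    for salt, digest in history[-HISTORY_DEPTH:]:  # only the last 4 passwords
        if hmac.compare_digest(hash_password(new_pw, salt)[1], digest):
            errors.append("reused")
            break
    if longest_shared_run(new_pw, current_pw) > MAX_SHARED_RUN:
        errors.append("too_similar_to_previous")
    return errors
```

Because the function runs on the server regardless of what the client reported, a request that skipped or tampered with the client-side checks is still rejected before the password is changed.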
Account Lock-out Feature:
- A user is allowed a maximum of 5 unsuccessful login attempts; after that, the account is automatically locked out.
- After 30 minutes, it gets locked out automatically.
- An error message is shown once the account is locked.
Single session per user:
- The application allows only one session per user ID at any point in time.
- The same user cannot be connected to the server from different machines/web clients at the same time.
- An error message is shown: “User Already logged in”