Can I enforce a company password policy?

Password Options

There are a number of options available to control a user’s password. These meet the majority of policies our customers have asked for.
In the Users Settings section of the project schema setup, management can set the policy that users must adhere to.

[Figure: Password Settings]

This can include:

  • Use password ageing
  • 3 login failures
  • Warn of password expiry
  • Enforce minimum password size
  • Enforce password format
  • Enforce unique passwords in cycles
  • Users can change password only once/day
  • Force users to change password
  • Password must contain at least one uppercase character
  • Password must contain at least one lowercase character
  • Password must contain at least one numeral
  • Password must contain at least one special character ` ! $ ^ * ( ) _ + - = { } [ ] : @ ~ ; < > ? . / |
  • Passwords may not match usernames (case insensitive comparison)

Does a user get told why their password is wrong?

While a password is being entered, the field keeps a red border until the password matches the criteria. The ℹ symbol brings up a dialog telling you what is causing the rejection. This enables the user to select a password that matches your company password policy.

[Figure: Password Entry]
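
The rule list and the "why was it rejected" feedback described above can be modelled as a checker that returns every rule a candidate password breaks. This Python sketch is an added example, not 3SL's or Cradle's code; the function names, the 8-character default minimum, the PBKDF2 parameters and the (salt, digest) history format are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Special characters from the list above ("-" assumed to be a plain hyphen).
SPECIALS = set("`!$^*()_+-={}[]:@~;<>?./|")
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def make_verifier(password, salt=None):
    """Return (salt, digest) so old passwords are never kept in plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def policy_violations(password, username, min_length=8, history=()):
    """Return the list of rules the candidate password breaks (empty = OK)."""
    checks = [
        (len(password) >= min_length, f"must be at least {min_length} characters"),
        (any(c.isupper() for c in password), "must contain an uppercase character"),
        (any(c.islower() for c in password), "must contain a lowercase character"),
        (any(c.isdigit() for c in password), "must contain a numeral"),
        (any(c in SPECIALS for c in password), "must contain a special character"),
        # Case-insensitive comparison, as the policy option specifies.
        (password.casefold() != username.casefold(), "must not match the username"),
    ]
    reasons = [msg for ok, msg in checks if not ok]
    # "Unique passwords in cycles": compare against the stored verifiers of
    # the last N passwords; the caller decides how many to keep in history.
    for salt, digest in history:
        if hmac.compare_digest(make_verifier(password, salt)[1], digest):
            reasons.append("must not repeat a recent password")
            break
    return reasons
```

Returning all failed rules at once, rather than stopping at the first, is what lets a dialog show the user everything that still needs fixing.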

What if a User forgets?

A user with the MODIFY_USER privilege can reset the user’s password by logging in and opening the User Setup dialog. If the user’s account has been disabled because of too many wrong attempts, it can be re-enabled here too.

What if we can’t remember an administrator’s account password?

If you are trying to reset a user’s password and can’t remember the password of the user with the MODIFY_USER privilege, you could sign on as the database manager account, MANAGER. This account has all privileges, including ACCESS_BYPASS, and can be used to reset any of the users.

What if we can’t remember the MANAGER account password?

This super user account should be carefully guarded. Depending on your company password policy, some clue or encrypted version of the password should be locked away in a safe or in a special password manager on a closed system. However, all is not lost: you will need to speak with your IT department to get someone with access to the raw data files. Then you will need to contact 3SL support (support@threesl.com), who will be able to assist in resetting the passwords to a new known value.

Can 3SL tell us what the passwords are?

No, sorry. The password file does not work like that. They would only be able to reset them to something new (which you’d be advised to get each user to change as soon as they next log in).

What are the alternatives?

You could use LDAP authentication and then the passwords the user has to enter will match the policy set for your LDAP server.