Working with password security

The enhanced password security option enables you to control the rules when a password is specified. You can control:

  • The minimum length of a password.
  • The maximum length of a password.
  • The minimum number of non-alphabetic characters in a password.
  • The lifetime of the password.
  • The frequency at which the user can reuse the password.
  • The characters that are not allowed in a password. The Infor Connect Password Reset menu is the recommended method for resetting user passwords. See the Infor Expense Management User Guide.

The alwf_appl_parameters table includes the parameters that enable enhanced password security. These parameters are configured during the installation process.

The table lists the parameters to be configured for th enhanced password security:

Parameter Meaning and Values
login.allowMultipleUserSessions Specifies if a user can have more than one login session. This is required if a user is running a mobile product from a device or WAP- enabled phone.
login.secure.maximumPasswordLength

The maximum number of characters that a user can include in a password.

This value must be greater than zero.

login.secure.minimumPasswordLength The minimum number of characters that a user must include in the password.
login.secure.nonAlphabeticCharCount The minimum number of non-alphabetic characters that a user must include in the password.
login.secure.passwordExcludeCharSet The set of characters that the user cannot use in a password. For example : !, @, #

The word null specifies that no characters are excluded.

Note: This application parameter has been commented out of the wf_appl_parameters file because the XML Load Tool feature does not allow an empty or null string. You can add this parameter manually if you want to use the parameter as long as you understand the limitation.
login.secure.passwordHistorySize The maximum number of previous passwords (other than the current password) that can be maintained in the application. This parameter determines how frequently a user can reuse a password.
login.secure.passwordLifetime The duration of a password is expressed in the number of days. This value must be greater than zero. The user must modify a password when the password expires.