Working with password security
The enhanced password security option enables you to control the rules when a password is specified. You can control:
- The minimum length of a password.
- The maximum length of a password.
- The minimum number of non-alphabetic characters in a password.
- The lifetime of the password.
- The frequency at which the user can reuse the password.
- The characters that are not allowed in a password. The Infor Connect Password Reset menu is the recommended method for resetting user passwords. See the Infor Expense Management User Guide.
The alwf_appl_parameters table includes the parameters that enable enhanced password security. These parameters are configured during the installation process.
The table lists the parameters to be configured for th enhanced password security:
Parameter | Meaning and Values |
---|---|
login.allowMultipleUserSessions | Specifies if a user can have more than one login session. This is required if a user is running a mobile product from a device or WAP- enabled phone. |
login.secure.maximumPasswordLength |
The maximum number of characters that a user can include in a password. This value must be greater than zero. |
login.secure.minimumPasswordLength | The minimum number of characters that a user must include in the password. |
login.secure.nonAlphabeticCharCount | The minimum number of non-alphabetic characters that a user must include in the password. |
login.secure.passwordExcludeCharSet | The set of characters that the user cannot
use in a password. For example : !, @, #
The word null specifies that no characters are excluded. Note: This application parameter has been commented out of the
wf_appl_parameters file because the XML Load Tool feature does not allow an
empty or null string. You can add this parameter manually if you want to use
the parameter as long as you understand the limitation.
|
login.secure.passwordHistorySize | The maximum number of previous passwords (other than the current password) that can be maintained in the application. This parameter determines how frequently a user can reuse a password. |
login.secure.passwordLifetime | The duration of a password is expressed in the number of days. This value must be greater than zero. The user must modify a password when the password expires. |