password compliance not enforced

SM 11 is not enforcing password compliance when a user changes his/her password. Several weeks ago we went through a stressful period of forcing password resets for users whose passwords did not meet compliance. Everything seemed to be running smoothly until today when I happened to find the Password Policy Compliance report and realized that several users had reset their passwords to something that did not meet requirements. I wondered how this was possible, so I went into an account and reset a password to something that did not comply and it worked.

I have the following Password Requirements enabled: minimum password length set to 7, require a number, require a capital letter, require a lower case letter, and require the password does not match the username.

Most of the reset passwords don't meet length requirements. One user changed his to match his username (although he did use a capital letter), but no numbers.

What am I missing?

Bruce Barnes Replied

2/21/2014 at 3:46 PM

Check your settings on SECURITY ===> ADVANCED SETTINGS ===> PASSWORD REQUIREMENTS and make certain you have your security set as desired and you DO NOT HAVE "disable password strength for existing passwords" checked.

These settings apply to ALL domains.

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Shayne Embry Replied

3/31/2014 at 5:55 PM

I did not have the setting disabled. It's moot now, there doesn't appear to be a problem since the upgrade to 12.x

2 Replies

Reply to Thread

Related Knowledge Base Articles