password compliance not enforced
Problem reported by Shayne Embry - 2/11/2014 at 6:25 PM
SM 11 is not enforcing password compliance when a user changes his/her password. Several weeks ago we went through a stressful period of forcing password resets for users whose passwords did not meet compliance. Everything seemed to be running smoothly until today when I happened to find the Password Policy Compliance report and realized that several users had reset their passwords to something that did not meet requirements. I wondered how this was possible, so I went into an account and reset a password to something that did not comply and it worked.
I have the following Password Requirements enabled: minimum password length set to 7, require a number, require a capital letter, require a lower case letter, and require the password does not match the username.
Most of the reset passwords don't meet length requirements. One user changed his to match his username (although he did use a capital letter), but no numbers.
What am I missing?

2 Replies

Bruce Barnes Replied
Check your settings on SECURITY ===> ADVANCED SETTINGS ===> PASSWORD REQUIREMENTS and make certain you have your security set as desired and you DO NOT HAVE "disable password strength for existing passwords" checked.
These settings apply to ALL domains.
Bruce Barnes
ChicagoNetTech Inc

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Shayne Embry Replied
I did not have the setting disabled. It's moot now; there doesn't appear to be a problem since the upgrade to 12.x.
