Password Requirements

Bryan
Posts: 195
Joined: Fri Apr 03, 2009 12:46 am
Location: Cincy

Password Requirements

Post by Bryan »

So I have some pretty industry standard password requirements that I have been tasked with implementing into our BSV. I know I have read many posts talking about these items being possible but wanted to see if anyone has rule examples of any of the following requirements. No sense in reinventing the wheel if not needed.

Password Requirements:
• Password Expires every 90 days
• User cannot use the same password as any of their past 12 passwords
• Account locks after 5 invalid login attempts
• On creation of a new user assign a temporary password that expires in 10 days (meaning if the user has not logged in within ten days with the password expire it).
• Change password on initial login

If you have any ideas/examples regarding the above requirements I am all ears.

Once I have the final setup I look forward to sharing how it was accomplished with the forums.
-Bryan
Version 8 (Build 2358)
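The five requirements listed above, written out as plain Python logic. This is an added illustration, not Aware IM rule syntax and not code from any poster in this thread. The `Account` fields, the function names and the returned status strings are assumptions, and the history here counts the current password among the 12.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_AGE = timedelta(days=90)       # password expires every 90 days
TEMP_MAX_AGE = timedelta(days=10)  # temporary password unused for 10 days expires
HISTORY_DEPTH = 12                 # no reuse of the last 12 passwords
MAX_FAILED = 5                     # account locks after 5 invalid attempts

def _hash(password: str, salt: bytes) -> bytes:
    # History holds salted scrypt digests only, never the passwords themselves.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

@dataclass
class Account:  # hypothetical stand-in for a user record
    history: list = field(default_factory=list)  # [(salt, digest)], newest last
    set_at: Optional[datetime] = None
    temporary: bool = True
    failed: int = 0
    locked: bool = False

def set_password(acct, password, now, temporary=False):
    # Each stored entry has its own salt, so the candidate is re-hashed per entry.
    for salt, digest in acct.history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_hash(password, salt), digest):
            return "REUSED"
    salt = os.urandom(16)
    acct.history = (acct.history + [(salt, _hash(password, salt))])[-HISTORY_DEPTH:]
    acct.set_at, acct.temporary, acct.failed = now, temporary, 0
    return "OK"

def login(acct, password, now):
    if acct.locked or not acct.history:
        return "LOCKED"
    salt, digest = acct.history[-1]
    if not hmac.compare_digest(_hash(password, salt), digest):
        acct.failed += 1
        acct.locked = acct.failed >= MAX_FAILED
        return "LOCKED" if acct.locked else "INVALID"
    acct.failed = 0
    # Expiry is evaluated only after a correct password, so a wrong guess
    # learns nothing about the state of the account.
    limit = TEMP_MAX_AGE if acct.temporary else MAX_AGE
    if now - acct.set_at > limit:
        return "EXPIRED"
    return "MUST_CHANGE" if acct.temporary else "OK"
```
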
tford
Posts: 4238
Joined: Sat Mar 10, 2007 6:44 pm

Re: Password Requirements

Post by tford »

Bryan,

It's very do-able to build all those into a BSV using SystemUser attributes/rules, processes & notifications (LoginNotification and LoginAttemptNotification).

Do you have specific questions?
Tom - V8.8 build 3137 - MySql / PostGres
Bryan
Posts: 195
Joined: Fri Apr 03, 2009 12:46 am
Location: Cincy

Re: Password Requirements

Post by Bryan »

Tom, Thanks for the reply.

I guess I am not looking to reinvent the wheel with these 5 specific requirements. My guess is that someone has run into this need in the past and accomplished the task. I have seen a couple of places throughout the forums where it is mentioned that it is possible but nothing helpful on how exactly people have accomplished it.

My overall goal here is two things: 1) to meet the client requirements as listed 2) to educate the community with specific examples of how this can be accomplished so that in the future adding these items to a BSV is as simple as copying the rules in and a few simple tests.
-Bryan
Version 8 (Build 2358)
CalD
Posts: 146
Joined: Sun May 08, 2016 10:20 pm

Re: Password Requirements

Post by CalD »

Sorry - mini hijack...

One item I'd like to add here would be: is it possible to automatically verify user email when they sign up - i.e. signup, send a link to their email they click to verify before they can login to the system... I'd assume shouldn't be too hard...
customaware
Posts: 2413
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Password Requirements

Post by customaware »

Callum, that can be achieved using the SET Action.

SET Account FROM IncomingEmail.Message
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA

Re: Password Requirements

Post by BenHayat »

eagles9999 wrote:Callum, that can be achieved using the SET Action.

SET Account FROM IncomingEmail.Message
Mark, how does the above answer what Callum was asking on email verification? Can you expand please?
customaware
Posts: 2413
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Password Requirements

Post by customaware »

Now that you mention it Ben. Good point

My mind immediately went to SET but, SET will only work for a reply email but not for a link.

I will have to think about it a bit more for setting a return link.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA

Re: Password Requirements

Post by BenHayat »

eagles9999 wrote:Now that you mention it Ben. Good point

My mind immediately went to SET but, SET will only work for a reply email but not for a link.

I will have to think about it a bit more for setting a return link.
That's what threw me off.
aware_support
Posts: 7526
Joined: Sun Apr 24, 2005 12:36 am

Re: Password Requirements

Post by aware_support »

• Account locks after 5 invalid login attempts
There is an option in Aware IM that does exactly that - check out the Login Options menu command (select the Business Space Version and use the Version menu)

The rest can be implemented using business rules.
Aware IM Support Team
customaware
Posts: 2413
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Password Requirements

Post by customaware »

Any suggestions for emailing a confirmation login link Support.

And ideas, suggestions, steps?
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
aware_support
Posts: 7526
Joined: Sun Apr 24, 2005 12:36 am

Re: Password Requirements

Post by aware_support »

Any suggestions for emailing a confirmation login link Support.
And ideas, suggestions, steps?
Not sure what you mean. How to create a login link? The link should use the firstCommand parameter to execute some process on startup that will perform the confirmation.
Aware IM Support Team
customaware
Posts: 2413
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Password Requirements

Post by customaware »

Using firstcommand is not an issue but how do you include some string parameter for firstcommand in the url?
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
aware_support
Posts: 7526
Joined: Sun Apr 24, 2005 12:36 am

Re: Password Requirements

Post by aware_support »

By just building this string using rules:

SomeObject.Link = '<a href="http://server:8080/AwareIM/logonOp.aw?domain=' + DOMAIN() + '&firstCommand=startProcess,...

etc
Aware IM Support Team
customaware
Posts: 2413
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: Password Requirements

Post by customaware »

SomeObject.Link = '<a href="http://server:8080/AwareIM/logonOp.aw?domain=' + DOMAIN() + '&firstCommand=startProcess,...
That is not my point....

We need something like.

SomeObject.Link = '<a href="http://server:8080/AwareIM/logonOp.aw?domain=' + DOMAIN() + '&firstCommand=startProcess + &parm='E38jhsue937dhsjw7r7829w0sjdue73u'...

Where "E38jhsue937dhsjw7r7829w0sjdue73u" is a parameter that Aware accepts as the identifying key for the person that the system just sent the authentication email to.
So when that parameter comes back in.. the firstCommand process matches it up with the code that was sent and validates.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
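The match-up described in the post above (a key is sent in the link and checked when it comes back), sketched in Python as an added example. It is not Aware IM rule code and not from any poster. The `pending` store, the 24-hour lifetime, the function names and the `server.example` URL are assumptions; `parm` is the parameter name used in the post.

```python
import hashlib, secrets
from datetime import datetime, timedelta
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_TTL = timedelta(hours=24)  # assumed lifetime, not stated in the thread
pending = {}                     # sha256(token) -> (username, expiry); stand-in for a table

def issue_link(username, now, base="https://server.example/verify"):
    # The key is random and unrelated to the user, so the link carries no
    # username and no credentials.
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Only the digest is stored: a leaked table cannot be replayed as links.
    pending[digest] = (username, now + TOKEN_TTL)
    return base + "?" + urlencode({"parm": token})

def confirm(url, now):
    """Return the verified username, or None if the key is unknown, used or expired."""
    values = parse_qs(urlparse(url).query).get("parm", [])
    if len(values) != 1:
        return None
    digest = hashlib.sha256(values[0].encode()).hexdigest()
    entry = pending.pop(digest, None)  # pop makes every key single-use
    if entry is None:
        return None
    username, expiry = entry
    return username if now <= expiry else None
```
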
RLJB
Posts: 914
Joined: Tue Jan 05, 2010 10:16 am
Location: Sydney, Australia

Re: Password Requirements

Post by RLJB »

Mark - I think you kinda just answered your own question :)

Why not do this:

1. On signup you set username and create a password for the user (use the Aware function to create password, make it a random long key)

2. Then using rules you build a login link, why not actually use the username and password in the link (then encrypt the link using the Aware function)

3. Email it to user

4. When they click it they are actually logging in with their user name and password (but can't see it because it's encrypted). Have a process (first command) to check first login and prompt them to enter new password.
Rod. Aware 8.6 (latest build), Developer Edition, on OS Linux (Ubuntu) using GUI hosted on AWS EC2, MYSQL on AWS RDS