So I have some pretty industry standard password requirements that I have been tasked with implementing into our BSV. I know I have read many posts talking about these items being possible but wanted to see if anyone has rule examples of any of the following requirements. No sense in reinventing the wheel if not needed.
Password Requirements:
• Password Expires every 90 days
• User cannot use the same password as any of their past 12 passwords
• Account locks after 5 invalid login attempts
• On creation of a new user assign a temporary password that expires in 10 days (meaning if the user has not logged in within ten days with the password, expire it).
• Change password on initial login
If you have any ideas/examples regarding the above requirements I am all ears.
Once I have the final setup I look forward to sharing how it was accomplished with the forums.
Password Requirements
-Bryan
Version 8 (Build 2358)
Re: Password Requirements
Bryan,
It's very do-able to build all those into a BSV using SystemUser attributes/rules, processes & notifications (LoginNotification and LoginAttemptNotification).
Do you have specific questions?
Tom - V8.8 build 3137 - MySql / PostGres
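The five requirements from the opening post, modelled as an added example that is not part of the thread and is Python, not Aware IM rule syntax. The `User` fields stand in for attributes that would be added to SystemUser; all names, the PBKDF2 work factor, and the choice to count the current password among the 12 are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)    # password expires every 90 days
TEMP_AGE = timedelta(days=10)   # unused temporary password expires after 10 days
HISTORY = 12                    # most recent passwords that may not be reused
MAX_FAILURES = 5                # invalid attempts before the account locks
ITERATIONS = 200_000            # assumed PBKDF2 work factor, tune for production

@dataclass
class User:  # hypothetical stand-in for attributes on the user record
    history: list = field(default_factory=list)  # [(salt, digest)], newest last
    set_at: datetime = None
    temporary: bool = True
    failures: int = 0
    locked: bool = False

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(user, password, now, temporary=False):
    """Store a new password; refuse one that matches any stored history entry."""
    for salt, digest in user.history:
        if hmac.compare_digest(_hash(password, salt), digest):
            return False
    salt = os.urandom(16)
    user.history = (user.history + [(salt, _hash(password, salt))])[-HISTORY:]
    user.set_at, user.temporary = now, temporary
    return True

def login(user, password, now):
    """Return 'ok', 'change_required', 'expired', 'invalid' or 'locked'."""
    if user.locked:
        return "locked"
    salt, digest = user.history[-1]
    if not hmac.compare_digest(_hash(password, salt), digest):
        user.failures += 1
        user.locked = user.failures >= MAX_FAILURES
        return "locked" if user.locked else "invalid"
    user.failures = 0
    age = now - user.set_at
    if user.temporary:  # first login: force a change unless the 10 days ran out
        return "expired" if age > TEMP_AGE else "change_required"
    return "change_required" if age > MAX_AGE else "ok"
```

Only salted digests are kept in the history, so the reuse check never needs the old passwords in recoverable form.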
Re: Password Requirements
Tom, Thanks for the reply.
I guess I am not looking to reinvent the wheel with these 5 specific requirements. My guess is that someone has run into this need in the past and accomplished the task. I have seen a couple of places throughout the forums where it is mentioned that it is possible but nothing helpful on how exactly people have accomplished it.
My overall goal here is two things: 1) to meet the client requirements as listed, 2) to educate the community with specific examples of how this can be accomplished so that in the future adding these items to a BSV is as simple as copying the rules in and a few simple tests.
-Bryan
Version 8 (Build 2358)
Re: Password Requirements
Sorry - mini hijack...
One item I'd like to add here would be: is it possible to automatically verify a user's email when they sign up - i.e. sign up, send a link to their email that they click to verify before they can log in to the system... I'd assume it shouldn't be too hard...
-
- Posts: 2418
- Joined: Mon Jul 02, 2012 12:24 am
- Location: Ulaanbaatar, Mongolia
Re: Password Requirements
Callum, that can be achieved using the SET Action.
SET Account FROM IncomingEmail.Message
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Re: Password Requirements
Mark, how does the above answer what Callum was asking on email verification? Can you expand please?
eagles9999 wrote: Callum, that can be achieved using the SET Action.
SET Account FROM IncomingEmail.Message
Re: Password Requirements
Now that you mention it, Ben. Good point.
My mind immediately went to SET, but SET will only work for a reply email but not for a link.
I will have to think about it a bit more for setting a return link.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Re: Password Requirements
That's what threw me off.
eagles9999 wrote: Now that you mention it Ben. Good point
My mind immediately went to SET but, SET will only work for a reply email but not for a link.
I will have to think about it a bit more for setting a return link.
-
- Posts: 7532
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Re: Password Requirements
• Account locks after 5 invalid login attempts
The rest can be implemented using business rules.
Aware IM Support Team
Re: Password Requirements
Any suggestions for emailing a confirmation login link, Support?
And ideas, suggestions, steps?
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Re: Password Requirements
Any suggestions for emailing a confirmation login link Support.
And ideas, suggestions, steps?
Aware IM Support Team
Re: Password Requirements
Using firstcommand is not an issue but how do you include some string parameter for firstcommand in the url?
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
Re: Password Requirements
By just building this string using rules:
SomeObject.Link = '<a href="http://server:8080/AwareIM/logonOp.aw?domain=' + DOMAIN() + '&firstCommand=startProcess,...
etc
Aware IM Support Team
Re: Password Requirements
That is not my point....
SomeObject.Link = '<a href="http://server:8080/AwareIM/logonOp.aw?domain=' + DOMAIN() + '&firstCommand=startProcess,...
We need something like.
SomeObject.Link = '<a href="http://server:8080/AwareIM/logonOp.aw?domain=' + DOMAIN() + '&firstCommand=startProcess + &parm='E38jhsue937dhsjw7r7829w0sjdue73u'...
Where "E38jhsue937dhsjw7r7829w0sjdue73u" is a parameter that Aware accepts as the identifying key for the person that the system just sent the authentication email to.
So when that parameter comes back in.. the firstCommand process matches it up with the code that was sent and validates.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
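The matching step described in the post above (send a key in the link, match it against the stored code when it comes back), as an added example that is not part of the thread and is Python rather than Aware IM rules. The URL, the parameter names, the 24-hour lifetime and the `pending` store are all assumptions; it does not use logonOp.aw or firstCommand.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_TTL = timedelta(hours=24)                 # assumed link lifetime
BASE_URL = "https://app.example.test/verify"    # placeholder URL

# username -> (SHA-256 of token, expiry); stands in for attributes on the user record
pending = {}

def issue_link(username, now):
    """Create a single-use verification link; only the token's hash is stored."""
    token = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).digest()
    pending[username] = (digest, now + TOKEN_TTL)
    return BASE_URL + "?" + urlencode({"user": username, "token": token})

def verify_link(url, now):
    """Return True once for a valid, unexpired link; False otherwise."""
    query = parse_qs(urlparse(url).query)
    username = query.get("user", [""])[0]
    token = query.get("token", [""])[0]
    record = pending.get(username)
    if record is None:
        return False
    digest, expiry = record
    supplied = hashlib.sha256(token.encode()).digest()
    # Constant-time comparison, then the expiry check
    if not hmac.compare_digest(supplied, digest) or now > expiry:
        return False
    del pending[username]                       # consume the token: no replay
    return True
```

Because only the hash is stored, a read of the user table does not yield working links, and the link itself carries no credential beyond the one-time token.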
Re: Password Requirements
Mark - I think you kinda just answered your own question
Why not do this:
1. On signup you set username and create a password for the user (use the Aware function to create password, make it a random long key)
2. Then using rules you build a login link (why not actually use the username and password in the link, then encrypt the link using the Aware function)
3. Email it to user
4. When they click it they are actually logging in with their user name and password (but can't see it because it's encrypted). Have a process (first command) to check first login and prompt them to enter new password.
Rod. Aware 8.6 (latest build), Developer Edition, on OS Linux (Ubuntu) using GUI hosted on AWS EC2, MYSQL on AWS RDS