Article Details
| Id: | 13126 |
| Product: | finPOWER Connect |
| Type: | NEW |
| Version: | 2.03.01 |
| Opened: | 23/07/2015 |
| Closed: | 29/07/2015 |
| Released: | 07/08/2015 |
| Job: | J015956 |
Passwords; Strong Password checks enhanced
What constitutes a 'Strong' password has been enhanced within finPOWER Connect.
The following, additional checks are made for 'Strong' passwords. If any of these fail, the password is not deemed to be 'Strong':
- Cannot be 'Password' or any number substituted version of this such as 'Pa55w0rd'.
- Cannot be a numberr substituted version of the User Id, e.g., if the User Id is 'John', it cannot be 'j0hn' (the 'o' substituted for a zero)
Within the business layer, the ISSecurity.IsPasswordStrong method has been obsoleted since it generated errors rather than returning a message about why the password was not strong. This is replaced by the ISSecurity.ValidatePassword method.