Article Details
Id: | 17914 |
Product: | finPOWER Connect |
Type: | NEW |
Version: | 3.04.00 |
Opened: | 02/11/2020 |
Closed: | 12/04/2021 |
Released: | 30/06/2021 |
Job: | J025437 |
Strong Password validation enhanced
Validation of Strong Passwords has been enhanced to stop password variations of the User Id and the text Password.
- Tighter checking of similar characters
- The following characters were treated as equivalent, i.e. variations of
- Upper and Lower case letters
- 0 and O
- 3 and E
- 4 and A
- 5 and S
- In addition the following characters as now also treated as equivalent
- 1 and I
- L and I
- Q and O
- @ and A
- $ and S
- This means the following passwords are treated as the same:
- Password, p455wqrD
- finPOWER, f1Npqw3r
- Can no longer include the text "Password" or any variations of
- Previously,the whole Password was tested, rather than the any part of the Password. This meant "Password1" was allowed
- Can no longer include the text "Pass" or any variations of
- Can no longer include the User's Id or any variation of
- Can no longer include a block of the User's Id or any variation of
- A block being defined as:
- A group of letters or numbers separated by another character
- Must be at least 3 characters long
- For example; if the User Id is JO.BLOGGS8526, the password cannot be Jo!BLOGGS8526 because
- You cannot have the text (or any variations of) BLOGGS or 8526
- "Jo" is only 2 characters so is allowed
- You can still have BLOG in the password as the group of characters being tested is BLOGGS
- For example, if the User's Id is "C10250" then the password cannot contain "10250" or any variations of this