How To Setup Password Security? (Doc ID 564125.1)

Goal

How to setup Password Security?

Solution

These profiles should only be set at Site level, but can be set at other levels, such as User or Responsibility.

However, when logging in there is no User context, so if a User is prompted to change their password at log in, the profiles are only evaluated at site level.

Once logged in and resetting passwords using Preferences->Change Password, or the Security ->User->Define form these other levels will have effect and will confuse the issue.

Thus, these profiles should only be set at Site level, for consistent enforcement. Please test making use of the level that works as expected for each environment.

Signon Password Failure Limit
The Signon Password Failure Limit profile option determines the maximum number of
log in attempts before the user's account is disabled.
Users cannot see or update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_FAILURE_LIMIT.

Signon Password Hard to Guess
The Signon Password Hard to Guess profile option sets rules for choosing passwords
to ensure that they will be "hard to guess." A password is considered hard-to-guess
if it follows these rules:
- The password contains at least one letter and at least one number.
- The password does not contain the user name.
- The password does not contain repeating characters.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_HARD_TO_GUESS.

Signon Password Length
Signon Password Length sets the minimum length of an Applications signon password.
If no value is entered the minimum length defaults to 5.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_LENGTH.

Signon Password No Reuse
This profile option specifies the number of days that a user must wait before being
allowed to reuse a password.
Users can see but not update this profile option.
The internal name for this profile option is SIGNON_PASSWORD_NO_REUSE.


Signon Password Case
This profile option is not available from the beginning.
With 11i.ATG_PF.H RUP3 comes the system profile 'Password Case Option'
After 11i.ATG_PF.H.RUP4 this system profile option was renamed to 'Signon Password Case'.
There are two settings: 'Sensitive' and 'Insensitive'.
The default is 'Insensitive'.
Setting this profile option to 'Sensitive' will make the password case sensitive.
'Mixed' is no longer supported.