https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303025#M1391419 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE><P></P><P>&gt; Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?</P></CODE></PRE><P></P><P>... unless you set login/password_compliance_to_current_policy to value 1</P></BODY></HTML> Thu, 29 Oct 2009 15:31:00 GMT Wolfgang_Janzen 2009-10-29T15:31:00Z https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303021#M1391415 <HTML><HEAD></HEAD><BODY><P>Hi-</P><P></P><P>We are trying to determine what the impact of changing the password parameters so that the SAP ECC 6.0 version will require complex passwords. The settings we would like to change are:</P><P>1. login/min_password_digits</P><P>2. login/min_password_letters</P><P>3. login/min_password_lowercase</P><P>4. login/min_password_specials</P><P>5. login/min_password_uppercase</P><P></P><P>Basically, we are wondering what will happen to users whose passwords are not "complex". Will their existing passwords be "rejected", meaning they will be forced to create complex passwords right away? Will their passwords expire and have to be reset manually by security? Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?</P></BODY></HTML> Mon, 26 Oct 2009 21:57:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303021#M1391415 Former Member 2009-10-26T21:57:32Z https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303022#M1391416 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>you can control password policy check using parameter login/password_compliance_to_current_policy (since NW7.0). Have a look at parameter documentation in RZ11. Also have a look at note 2467.</P><P></P><P>Cheers</P></BODY></HTML> Tue, 27 Oct 2009 00:07:15 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303022#M1391416 mvoros 2009-10-27T00:07:15Z https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303023#M1391417 <HTML><HEAD></HEAD><BODY><P>&gt; Basically, we are wondering what will happen to users whose passwords are not "complex". </P><P>&gt; 1 Will their existing passwords be "rejected", meaning they will be forced to create complex passwords right away? </P><P>&gt; 2 Will their passwords expire and have to be reset manually by security? </P><P>&gt; 3 Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?</P><P></P><P>I believe number 3 will be the case. Unless you also tamper with the validity period.</P><P></P><P>Jurjen</P><P></P><P>Oh, yeah, and they will write down their new passwords (which they can no longer remember) on post-it notes. Besides that, they'll hate your guts so make sure you can blame someone else <SPAN __jive_emoticon_name="wink"></SPAN></P></BODY></HTML> Tue, 27 Oct 2009 07:52:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303023#M1391417 jurjen_heeck 2009-10-27T07:52:30Z https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303024#M1391418 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>set this parameter as well - login/password_expiration_time</P><P></P><P>once the set period is over , the system prompts for a password change , then your complex user settings come into play, till then the users can continue with their existing passwords.</P><P></P><P>This is as per my experience at my work place.</P><P></P><P>Regards,</P><P>Brahmeshwar</P></BODY></HTML> Tue, 27 Oct 2009 08:05:09 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303024#M1391418 Former Member 2009-10-27T08:05:09Z https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303025#M1391419 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE><P></P><P>&gt; Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?</P></CODE></PRE><P></P><P>... unless you set login/password_compliance_to_current_policy to value 1</P></BODY></HTML> Thu, 29 Oct 2009 15:31:00 GMT https://community.sap.com/t5/application-development-and-automation-discussions/implement-complex-passwords/m-p/6303025#M1391419 Wolfgang_Janzen 2009-10-29T15:31:00Z