Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Implement Complex Passwords

Go to solution
Former Member

‎2009 Oct 26 9:57 PM

0 Likes
1,421

Hi-

We are trying to determine what the impact of changing the password parameters so that the SAP ECC 6.0 version will require complex passwords. The settings we would like to change are:

1. login/min_password_digits

2. login/min_password_letters

3. login/min_password_lowercase

4. login/min_password_specials

5. login/min_password_uppercase

Basically, we are wondering what will happen to users whose passwords are not "complex". Will their existing passwords be "rejected", meaning they will be forced to create complex passwords right away? Will their passwords expire and have to be reset manually by security? Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?

1 ACCEPTED SOLUTION
Read only

Go to solution
mvoros
Active Contributor

‎2009 Oct 27 12:07 AM

0 Likes
902

Hi,

you can control password policy check using parameter login/password_compliance_to_current_policy (since NW7.0). Have a look at parameter documentation in RZ11. Also have a look at note 2467.

Cheers

4 REPLIES 4
Read only

Go to solution
mvoros
Active Contributor

‎2009 Oct 27 12:07 AM

0 Likes
903

Hi,

you can control password policy check using parameter login/password_compliance_to_current_policy (since NW7.0). Have a look at parameter documentation in RZ11. Also have a look at note 2467.

Cheers

Read only

Go to solution
jurjen_heeck
Active Contributor

‎2009 Oct 27 7:52 AM

0 Likes
902

> Basically, we are wondering what will happen to users whose passwords are not "complex".

> 1 Will their existing passwords be "rejected", meaning they will be forced to create complex passwords right away?

> 2 Will their passwords expire and have to be reset manually by security?

> 3 Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?

I believe number 3 will be the case. Unless you also tamper with the validity period.

Jurjen

Oh, yeah, and they will write down their new passwords (which they can no longer remember) on post-it notes. Besides that, they'll hate your guts so make sure you can blame someone else

Read only

Go to solution
Former Member

‎2009 Oct 27 8:05 AM

0 Likes
902

Hi,

set this parameter as well - login/password_expiration_time

once the set period is over , the system prompts for a password change , then your complex user settings come into play, till then the users can continue with their existing passwords.

This is as per my experience at my work place.

Regards,

Brahmeshwar

Read only

Go to solution
Wolfgang_Janzen
Product and Topic Expert
Product and Topic Expert

‎2009 Oct 29 3:31 PM

0 Likes
902

> 

>  Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?

... unless you set login/password_compliance_to_current_policy to value 1