on 2013 Sep 23 5:13 AM
If you ask my opinion, SAP have gone silly with their service market place password restrictions for "S" numbers.
The following lists the "MUST" criteria and my comments as to why this is just plain silly.
Had a good chuckle on this one. I really hate using special characters in the passwords, not sure why there is a belief they add an extra layer of protection. And the requirement to be different from the last 5 passwords actually does lead exactly to the passwords like you've mentioned.
I'm pretty sure the password is not limited to just 8 characters only. In fact I know it isn't because mine is longer than 8. But I won't tell you how much longer!
Brute force cracking also assumes you can make unlimited attempts. I'm sure SAP boots you out after three tries and makes sure you have to start over again after a random timeout period.
And I'm pretty sure that after a certain number of failed attempts within a given time frame, it will lock the account.
Most of the other requirements are pretty standard, as Jurgen has pointed out.
Besides, I don't think SAP considers the S accounts to require a super high security requirement. While I know some OSS notes can be pretty cryptic, they aren't exactly guarding state secrets.
I don't really see the issue. If you're an IT admin, this should really be old hat for you.
But if you ask SAP, maybe they'll set up your account to follow some of the military standards and give you a randomly generated, 18 character, system assigned password every 14 days that you have to memorize.
FF
Interesting, because my pwd, like Fire Fighter's, is more than 8. I'll even let you know that it's more than 8 and less than 15. Perhaps it matters if an S user ID is used or I user ID or email ID, etc., etc... Makes you wonder if someone from SCN / Jive could comment(?).
- Ludek
Senior Support Engineer AGS Product Support, Global Support Center Canada
You have not seen such a list before?
I know such from my work, from my bank, my insurance company and many more areas where I need passwords.
This does actually not limit you, it forces the majority of users to use such characters instead of keeping their relatives' names just like they are.
Any of those rules makes your password stronger.
However I am glad that SAP and all companies (except my own) do not force us to change the password every month, as this just ends up in writing it down.
We use rules similar in all secure areas but not like these. Not sure if you read it fully but the following things specified under the password change option verbatim I have put above that is specifically concerning and done nowhere else where you look for a secure password:
1. The password is not case-sensitive
2. Not contain any blanks
3. Be 8 characters long and only 8 characters long