Password Policy: Only specific special characters should be allowed.

Former Member
2,536

Password should only have any of the following: $ % _ - #

How can this password policy be achieved, if possible?

Accepted Solutions (0)

Answers (3)

JPReyes
Active Contributor
0 Likes

If your question is regarding restricting the special characters to just "$ % _ - #" then the answer is that it is not possible.

Read

https://help.sap.com/saphelp_nw70ehp2/helpdata/en/4a/c3f18f8c352470e10000000a42189c/frameset.htm

Regards, JP

Matt_Fraser
Active Contributor
0 Likes

You must really hate your users!

More seriously, what is the purpose of such a policy? It's obviously not increased security, as you have decreased the number of available characters that can be used to just a small subset, and furthermore made it significantly harder for users to actually use the passwords, thus increasing chances that they'll write them on sticky notes attached to their monitors. Why not implement something more secure, such as certificate logins, or Single Sign-On, etc?

JPReyes
Active Contributor
0 Likes

I don't think this is an actual requirement (I hope this is not an actual requirement).

Matt_Fraser
Active Contributor
0 Likes

juan.reyes, agreed. I was tempted to be snarkier in my answer, such as suggesting setting login/password_expiration_time to 1 so that users would need to change passwords every day, but that doesn't usually end well.

JPReyes
Active Contributor
0 Likes

I know someone (it wasn't me) who, when requested to reset a password, would make the password complex with at least 20 characters, take a screenshot of it and send it via mail so they couldn't use copy and paste. 😄

Matt_Fraser
Active Contributor
0 Likes

Hahahaha, yes, that is mean!

We implemented a small custom program so that the Help Desk can just press a button with the username involved, and it resets the password to a set of numbers based on SSN and year of birth. Then they just tell the user what the algorithm is and let the user figure out the new initial password. That way no password ever gets transmitted via email, nor spoken via phone, and only the real intended end user should be able to figure out what it is.

JPReyes
Active Contributor
0 Likes

Awesome...

BTW I read the question again... and I think what he wants is to know if he can restrict the special characters to only the ones listed...

Matt_Fraser
Active Contributor
0 Likes

Ah yes, that could well be what he meant. I'm still not sure on the purpose, though. Why not allow all the valid special characters? Does it have to do with compatibility across systems of disparate capabilities? I can see that as an issue, but in that case, using login/password_downwards_compatibility and/or login/password_charset might be better (and easier) options.

JPReyes
Active Contributor
0 Likes

I have seen cases (like RF devices) where not all the characters are available on the tiny awkward keyboard... maybe that is the reason....

JPReyes
Active Contributor
0 Likes

I guess you can set the parameter for min special characters, login/min_password_specials, to 40, which is the max password length. 😄

Regards, JP