Password Settings

ENTERPRISE has six options to control the restrictions of ENTERPRISE passwords. There are a variety of ways to enhance the security of your database using different login conventions and validations.


Note: Any site can take advantage of these features, regardless of how they are signing into ENTERPRISE – ENTERPRISE, Database or Windows authentication. The only requirement for using these features is that all ENTERPRISE users and their passwords must exist within ENTERPRISE security. (ENTERPRISE security information is maintained using the ENTERPRISE security application entsec.exe.)
These settings are controlled by four ENTERPRISE Code Table (FRCODTAB) settings. You may choose to take advantage of one or many of these options.

image001.png

  • Minimum Length Rule:
    • ENTERPRISE Code Table Code = PASS_MINLENGTH
      Passwords changed using ENTERPRISE are required to be at least one character in length. PCI data security standards require passwords to be at least seven characters long. You can enforce a minimum password length of any numeric value, depending on your operational policies. To do so, capture the character length that your site will require as the minimum.
      A value of “0” or “**NOTINUSE**” assumes that the required length is 1, since passwords are required.
  • Character Pattern Rule
    • ENTERPRISE Code Table Code = PASS_CHARPATTERN
    • This setting allows you to require that all passwords follow a certain pattern. The options are:
      • Alpha - allows only letters,
      • Numeric - allows only numbers,
      • Alphanumeric - the password must include at least 1 number and 1 letter,
      • Alphanumsym – the password must include at least 1 number, 1 letter, and 1 symbol,
      • Symbol_Alpha - the password must include at least 1 letter and 1 non-numeric, non-alpha character (such as an exclamation point or a semicolon), and
      • Any - allows for any pattern of characters.

The default value for this setting is “Any”. PCI Security standards require passwords to contain both numeric and alphabetic characters.

  • Previous Password Validation Rule
    • ENTERPRISE Code Table Code = PASS_SAVEPREPASS
      This setting should contain a numeric value indicating how many unique passwords a user must create before a password can be reused. For example, if the setting is two, when a user attempts to change his password, the password must be different from his current password and his last password. PCI Security standards require that new passwords cannot be the same as the four previously entered passwords.
      Set this value to “0” or “**NOTINUSE**” to allow passwords to be set without any validation of old passwords. Enter a numeric value to validate all passwords from this point forward.
  • ;Maximum Number of Login Attempts Rule
    • ENTERPRISE Code Table Code = PASS_MAXLOGINATTEMPTS
      The setting should contain a numeric value indicating how many failed login attempts a user can make before being “locked out” of the database.
      If a user fails to login for the number of attempts you have specified with this setting, the user will be set to ‘Inactive’ within ENTERPRISE Security (security_users table). That account will then have to be reset to ‘Active’ using ENTERPRISE Security before that user will be able to login to ENTERPRISE. PCI Security standards require that a user account is locked out after not more than six invalid logon attempts.
      The default value for this setting is 3.