Hi,

I am working on creating a password policy Management IS authenticator which will allow configuring the password policies.

In the authenticator, I am going to add the following password policy options.

*Configure password expiration:*
- If the user password has not been changed for the given days, the user should be prompted to do that during the authentication flow and allowed to change the password using the password change UI, or the user is disabled and redirected to a page that states "You cannot access your account at this time. Please contact Administrator".
- Issue the expiration warning for the given days before the password expires.

*Configure Password Composition:*
- Minimum password length required.
- Minimum number of upper case characters.
- Minimum number of lower case characters.
- Minimum number of digits.
- Maximum consecutive character repeats.
- User name or reverse of user name not in password.
- Maximum number of failed attempts in given minutes or days; disable the user and redirect them to a page that states "You cannot access your account at this time".

*Configure Password Restrictions:*
- How long a user must wait before reusing the password.

Please suggest if there are any other policies we can add to this authenticator.

Thanks,
Kathees

--
Kathees
Software Engineer,
email: [email protected]
mobile: +94772596173
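The composition and expiration options listed in the message above, sketched as an added example that is not part of the original e-mail and is not WSO2 Identity Server code. The class name, field names, default values and the case-insensitive user name match are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import timedelta


@dataclass
class PasswordPolicy:
    # Hypothetical names and defaults; the message does not specify values.
    min_length: int = 8
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    max_repeats: int = 2   # longest allowed run of one repeated character
    expiry_days: int = 90  # days a password stays valid after a change
    warn_days: int = 7     # warn this many days before expiry


def longest_run(s):
    """Length of the longest run of one repeated character."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def composition_violations(policy, username, password):
    """Return the names of the composition rules the password breaks."""
    checks = [
        (len(password) >= policy.min_length, "min_length"),
        (sum(c.isupper() for c in password) >= policy.min_upper, "min_upper"),
        (sum(c.islower() for c in password) >= policy.min_lower, "min_lower"),
        (sum(c.isdigit() for c in password) >= policy.min_digits, "min_digits"),
        (longest_run(password) <= policy.max_repeats, "max_repeats"),
    ]
    failed = [name for ok, name in checks if not ok]
    user, pw = username.casefold(), password.casefold()
    # Assumption: the user name and its reverse are matched ignoring case.
    if user and (user in pw or user[::-1] in pw):
        failed.append("username_in_password")
    return failed


def expiry_state(policy, last_changed, now):
    """Classify a password as 'ok', 'warn' (expiring soon) or 'expired'."""
    expires_at = last_changed + timedelta(days=policy.expiry_days)
    if now >= expires_at:
        return "expired"
    if now >= expires_at - timedelta(days=policy.warn_days):
        return "warn"
    return "ok"
```

Returning every broken rule at once, rather than stopping at the first, lets a password change UI show the user the full list in one pass.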
