On Mon, Feb 29, 2016 at 10:58 PM, Kathees Rajendram <[email protected]> wrote:
> > > *Configure Password Composition:* > > - Minimum password length required. > - Minimum number of upper case characters. > - Minimum number of lower case characters. > - Minimum number of digits. > - Maximum consecutive character repeats. > - User name or reverse of user name not in password. > > > - Maximum number of failed attempts in given minutes or days and > disable the user and they are redirected to a page that states "You cannot > access your account at this time". > > > - > > *Configure Password Restrictions:* > > - How long a user must wait before reusing the password. > > These needs to be handled at a different level and IS already has a plugin architecture for this.. not at this authenticator(handler) level.. > Please suggest if there is any other policies we can add to this > authenticator. > Thanks, > Kathees > -- > Kathees > Software Engineer, > email: [email protected] > mobile: +94772596173 > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
