RE: [WS_FTP Forum] User password security

[Kevin Gillis]

Title: User password security

Hi Doug,

 

Excellent feature request.  Turns out, we have a similar feature coming in the next release of WS_FTP Server for which the Beta is starting in January. 

 

It's not final, but we are looking to let you set the following requirements:

 

1. # of former passwords to track

2. Number of special characters (* & #, etc.)

3. Number of numeric characters required

4. Min number of characters required

5. You can also set the expiration date for the password and also have it expire on a specific date (which you set).

 

How would you want expired passwords to be reset?  For example, would it be okay to let a user log into their account and just not allow any transfers (upload/download) until they change their password (provided you have that feature turned on)?

 

Bye for now,

 

kg

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Schuessler, Doug
Sent: Thursday, December 08, 2005 5:19 PM
To: [EMAIL PROTECTED]
Cc: WS_FTP Pro forum LISTSERV
Subject: [WS_FTP Forum] User password security

        We have been using FTP server with NT user database and only allowing users to change password by calling me to change them.  The NT database was used to enforce our password content/complexity requirements (minimum 6 characters, containing at least one each of uppercase, lowercase and a number or special character), since this is not available when using Ws-FTP server to maintain the accounts.  With our latest security audit, we are now required to expire the passwords every ninety days.  This new requirement would mean manual password changes by me are no longer a workable process.  With the loss of control of passwords,  we also would then need a way to replicate the passwords to another system for disaster recovery purposes.  I am looking for suggestions on how to support this new requirement.

<<[EMAIL PROTECTED]>>