Password patterns and configurations in Smarten

Modified on Thu, 14 Mar 2024 at 01:53 PM

By default, the Smarten password pattern is simple.

If you want to implement a different password policy, you can control various aspects of it, such as strict password characters, number of attempts, and encryption.

The password pattern settings are set in the default.conf file under the smarten folder (wildfly/standalone/deployments/smarten.war/conf/default.conf).

Settings for password pattern:

1. ENABLE_STRICT_PASSWORD parameter to configure the password character policy.

    Set this parameter to true in the default.conf file of the Smarten war file to require stricter character patterns that pass the rules below.

    Common Rules of strict password:

  • Passwords should be minimum 8 characters long.
  • Minimum one upper case and one lower case letter are required.
  • Minimum one number (0-9 digit) is required.
  • Minimum one special character is required. Valid characters are: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

PS: The default value of the ENABLE_STRICT_PASSWORD parameter is false.

Example:

| ENABLE_STRICT_PASSWORD = True | ENABLE_STRICT_PASSWORD = False |
| --- | --- |
| Sm@r10@pp | SmartenApp |
| $tr!ctP@$$w0rd | Strictpassword |


2. MAXIMUM_NO_OF_ATTEMPTS parameter to define the maximum number of wrong password attempts.

If a user enters a wrong password more times than the specified value, the Smarten user is made inactive temporarily for 2 hours and can log in again after 2 hours.

For example, to set the number of wrong attempts to 5, open the default.conf file and set the parameter value as ‘MAXIMUM_NO_OF_ATTEMPTS=5’.

 

3. ENABLE_PASSWORD_ENCRYPTION parameter to enable password encryption, if required.

This translates the login password into an encrypted code for data security purposes. During user login, the login password is encrypted and compared with the stored version for verification. By default, password encryption is set to ‘false’ (ENABLE_PASSWORD_ENCRYPTION=false) in Smarten; set this value to ‘true’ to enable password encryption.
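The following added example (not Smarten code) audits the three settings described above and checks candidate passwords against the listed strict rules. It assumes default.conf holds KEY=VALUE lines with # comments; the function names and the sample file content are hypothetical.

```python
# Defaults stated in the article; no default is given there for MAXIMUM_NO_OF_ATTEMPTS.
DOCUMENTED_DEFAULTS = {"ENABLE_STRICT_PASSWORD": "false",
                       "ENABLE_PASSWORD_ENCRYPTION": "false"}
SPECIALS = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"  # valid special characters listed above

def parse_conf(text):
    """Parse KEY=VALUE lines (assumed file format); later lines override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return findings for the three password settings in default.conf content."""
    conf = parse_conf(text)
    findings = []
    for key in ("ENABLE_STRICT_PASSWORD", "ENABLE_PASSWORD_ENCRYPTION"):
        value = conf.get(key, DOCUMENTED_DEFAULTS[key])
        if value.lower() != "true":
            findings.append(f"{key} is not enabled (effective value: {value})")
    attempts = conf.get("MAXIMUM_NO_OF_ATTEMPTS")
    if attempts is None:
        findings.append("MAXIMUM_NO_OF_ATTEMPTS is not set")
    elif not attempts.isdigit() or int(attempts) < 1:
        findings.append(f"MAXIMUM_NO_OF_ATTEMPTS is not a positive integer: {attempts!r}")
    return findings

def meets_strict_rules(password):
    """Check a candidate password against the four strict rules as listed in the article."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c in "0123456789" for c in password)
            and any(c in SPECIALS for c in password))

# Constructed sample content, not taken from a real deployment.
SAMPLE = """# password policy
ENABLE_STRICT_PASSWORD = True
MAXIMUM_NO_OF_ATTEMPTS=5
ENABLE_PASSWORD_ENCRYPTION=false
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
    for pw in ("Sm@r10@pp", "SmartenApp"):
        print(pw, "->", meets_strict_rules(pw))
```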

 

Please refer to the Application Security Implementation Manual to learn more.



Note: This article is based on Smarten Version 5.x. This may or may not be relevant to the Smarten Version 5.x you may be using.
