Hi DW,
I have a question regarding the password requirement.
As part of security measures, our customer is looking to implement some new password requirements to ensure the safety of user accounts.
Our customer wants to ensure password security that goes beyond the high complexity setting in Dynamicweb.
Here are some of the requirements:
- Different from the last 10 used passwords: We want to enforce a policy where users cannot reuse their last 10 passwords. This is to prevent password recycling and enhance password security.
- At least annual password expiration: We would like to set a policy where users are prompted to change their password at least once a year. This is to ensure that passwords are regularly updated and not kept unchanged for prolonged periods.
- Change password at first log-in (if set by an administrator - not relevant for this scope): We understand that this requirement may not be applicable to our CMS system, but we wanted to mention it for completeness. In case our system supports it, we would like to have the option for users to change their password at their first log-in, if set by an administrator.
- Not follow a predictable pattern: Lastly, we want to ensure that passwords do not follow a predictable pattern, such as sequential numbers or repetitive characters. This is to prevent easily guessable passwords and enhance overall password security.
I don’t think this is achievable with DW’s extranet password security settings, and I’m not sure if it's possible at all to look at the last 10 passwords in a custom solution?
Do you have any input on either how this could be done, or if it's even achievable?
Best regards, Daniel
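
The history, expiry and pattern checks listed in the question, as an added example that is not part of the original post and not Dynamicweb code. It assumes .NET 6 or later and a custom solution that stores a salted PBKDF2 hash per previous password; `StoredPassword`, `PasswordPolicy`, the iteration count and the run length of 4 are hypothetical choices, and the sample passwords are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Constructed sample data: a history holding two earlier passwords.
var now = DateTime.UtcNow;
var history = new List<StoredPassword> {
    PasswordPolicy.Create("Winter-Harbor-72", now.AddDays(-400)),
    PasswordPolicy.Create("Copper!Lantern9", now.AddDays(-30)) };
Console.WriteLine($"reused:      {PasswordPolicy.IsReused("Winter-Harbor-72", history)}");
Console.WriteLine($"predictable: {PasswordPolicy.HasPredictableRun("Xy1234!q")}");
Console.WriteLine($"expired:     {PasswordPolicy.IsExpired(history[0], now)}");

// Hypothetical record: one row per password the user has had, kept by the custom solution.
public record StoredPassword(byte[] Salt, byte[] Hash, DateTime SetUtc);

public static class PasswordPolicy
{
    const int Iterations = 210_000, HistoryDepth = 10; // iteration count is an assumption
    static readonly TimeSpan MaxAge = TimeSpan.FromDays(365);

    public static StoredPassword Create(string password, DateTime nowUtc)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16); // fresh random salt per password
        return new StoredPassword(salt, Derive(password, salt), nowUtc);
    }
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Salted hashes cannot be compared with each other, so the candidate is
    // re-derived with each stored salt and compared in constant time.
    public static bool IsReused(string candidate, IEnumerable<StoredPassword> history) =>
        history.OrderByDescending(h => h.SetUtc).Take(HistoryDepth)
               .Any(h => CryptographicOperations.FixedTimeEquals(Derive(candidate, h.Salt), h.Hash));

    public static bool IsExpired(StoredPassword current, DateTime nowUtc) => nowUtc - current.SetUtc >= MaxAge;

    // Flags runs of identical or consecutive characters ("aaaa", "1234", "dcba").
    public static bool HasPredictableRun(string password, int runLength = 4)
    {
        int same = 1, up = 1, down = 1;
        for (int i = 1; i < password.Length; i++)
        {
            int d = password[i] - password[i - 1];
            same = d == 0 ? same + 1 : 1;
            up = d == 1 ? up + 1 : 1;
            down = d == -1 ? down + 1 : 1;
            if (same >= runLength || up >= runLength || down >= runLength) return true;
        }
        return false;
    }
}
```

The history must include the current password's row, and rows older than the newest 10 can be deleted so old hashes are not retained longer than the policy needs.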