|
Siebel Security Hardening Guide > Securing Siebel Business Applications > Implementing Password Management Policies >
Defining Rules for Password Syntax
To make sure that the passwords in your Siebel deployment are difficult to guess and are capable of withstanding brute-force attacks, define rules for your organization relating to password syntax. It is recommended that you implement password syntax rules similar to the following:
- The password value must not be the same as the user name.
- Password values must include a variety of characters within the supported character set, for example:
- Both alphabetic and numeric characters are required.
- At least one special character is required, such as a symbol, an accented character, or a punctuation mark.
- At least one uppercase and one lowercase letter is required.
- Specify illegal values, for example, no more than one space character is permitted, or no more than 2 repetitions of the same character are permitted.
- Password values must be a minimum length, usually 8 characters.
In general, Siebel Business Applications do not provide support for either implementing password syntax rules or for verifying them. However, the following options exist:
- For the Siebel Mobile Web Client, the following options for managing the passwords of Remote clients are available:
- Users who have previously self-registered on a Siebel customer or partner application who forget their passwords can get new passwords by clicking the Forgot Your Password? link in the login dialog box. You can configure the length (maximum and minimum characters) of the passwords generated by your Siebel application for such users. For additional information, see Siebel Security Guide.
|
