General security principles

Require complex and secure passwords

In the Central Designer Administrator application, an administrator should require that each user password meets the following requirements, which you set in the System Config > Settings > Security section of the Central Designer Administrator application:

• Expires every 90 days. Configure this option in the Passwords expire every field.
• Has not been used recently. Configure the number of previously-used passwords that cannot be reused in the Enforce password history field.
• Contains a minimum of 8 characters. Configure this option in the Minimum password length field.
• Contains at least two of the following. Configure this option by setting the Password complexity setting to High.
  • One letter and one number.
  • One non-alphanumeric character.
  • One upper-case and one lower-case letter, character, and at least either one number or special character.

For more information, see Configure strong user passwords.

Keep passwords private and secure

All users should change their passwords when they log in for the first time.

Tell users never to share passwords, write down passwords, or store passwords in files on their computers. For more information, see Passwords for new users.

Lock computers to protect data

Encourage users to lock computers that are left unattended. For more information, see Login security.

Provide only the necessary rights to perform an operation

Assign users to roles, and assign rights to roles so that users can perform only the tasks necessary for their jobs.

For more information, see:

• Rights assigned to roles.
• Users assigned to roles.

Copyright © 2012, 2016 Oracle and/or its affiliates. All rights reserved.