Password Policy

You can also define a policy for the passwords of local (not domain) users of the eG management console. To do so, follow the Admin -> Settings -> Manager menu sequence in the eG admin interface, expand the Account Security node in the manager settings tree that appears, and select the Password Policy sub-node within it. A Password Policy section then appears in the right panel (see Figure 21).

Figure 21 : Configuring the password policy

In the Password Complexity section of Figure 21, enter the minimum length for user passwords in the Minimum password length text box. By default, the password you specify when creating a new local user in the eG Enterprise system should be at least 8 characters long. To change this minimum length, use the Minimum password length parameter in Figure 21.

In high-security environments where the eG manager is accessible on the public Internet, users must provide a strong password so that their credentials are not vulnerable to malicious attacks. To strengthen the password, eG Enterprise lets you require a combination of character types in it. For this, the Password Complexity section includes a separate Password should contain field. By default, the Lowercase alphabets check box is checked, which indicates that the password should contain a minimum of 8 lowercase characters. To strengthen the password further, check the check boxes against Uppercase alphabets, Numbers and Special characters.

Note:

  • When the Uppercase alphabets, Numbers and Special characters check boxes are checked, whether together or separately, the password provided by the user should contain at least one character of each checked type.
  • Double quotes (") are not allowed as a special character while specifying the password.

eG Enterprise also provides an additional layer of password security: password history. If this feature is enforced, eG Enterprise stores a configured number of a user's past passwords in its database. Whenever that user next attempts to change their password, eG Enterprise compares the new password with the list of previous passwords, alerts the user if it matches one of them, and urges the user to provide a new password. This feature is useful from a security standpoint because repeating a password can sometimes make it easy for hackers to hijack your account.

To enable this feature, set the Enforce Password History flag in the Password History section to Yes. When this flag is set to Yes, an additional Store up to text box appears, displaying 1 by default. This implies that the password specified or changed after setting the Enforce Password History flag to Yes will be stored by eG Enterprise. When the user next tries to change the password, eG Enterprise matches the new password against the one specified earlier and accepts the change only if it differs from the previous one.

Note:

eG Enterprise can store a maximum of 20 passwords specified by the user.

Finally, click the Update button.
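
The rules described on this page can be modelled as follows, for example to pre-check passwords in a provisioning script. This is an added example, not eG Enterprise's own code: the `PasswordPolicy` class and its method names are hypothetical, "special" is assumed to mean ASCII punctuation other than the double quote, and the history is assumed to be kept as salted PBKDF2 digests. The Lowercase alphabets option is not modelled.

```python
import hashlib, hmac, os, string
from collections import deque

MAX_HISTORY = 20  # the page's upper limit for "Store up to"

class PasswordPolicy:  # hypothetical model of the settings described above
    def __init__(self, min_length=8, upper=False, numbers=False, special=False,
                 enforce_history=False, store_up_to=1):
        if not 1 <= store_up_to <= MAX_HISTORY:
            raise ValueError("Store up to must be between 1 and 20")
        self.min_length = min_length
        self.required = {
            "uppercase": (upper, string.ascii_uppercase),
            "number": (numbers, string.digits),
            # Assumption: ASCII punctuation, minus the disallowed double quote.
            "special": (special, string.punctuation.replace('"', "")),
        }
        self.enforce_history = enforce_history
        # (salt, digest) pairs; the oldest entry drops out when full.
        self.history = deque(maxlen=store_up_to)

    @staticmethod
    def _digest(password, salt):
        # Assumption: history holds salted PBKDF2 digests, never plaintext.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def violations(self, password):
        found = []
        if len(password) < self.min_length:
            found.append("too short")
        if '"' in password:
            found.append("double quote not allowed")
        for name, (enabled, chars) in self.required.items():
            if enabled and not any(c in chars for c in password):
                found.append(f"needs at least one {name}")
        if self.enforce_history and any(
                hmac.compare_digest(self._digest(password, salt), digest)
                for salt, digest in self.history):
            found.append("matches a stored previous password")
        return found

    def change_password(self, password):
        # Record the password in the history only when it is accepted.
        problems = self.violations(password)
        if not problems and self.enforce_history:
            salt = os.urandom(16)
            self.history.append((salt, self._digest(password, salt)))
        return problems
```

With `store_up_to=2`, a password becomes reusable again once two newer passwords have been accepted, which is why a larger Store up to value gives stronger protection against reuse.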