Details

    • Sub-Task
    • Status: Resolved
    • Major
    • Resolution: Done
    • 1.7.10
    • 1.7.10
    • CRC Cell, PM Cell
    • All databases

    Description

      *** Part of the security enhancements update ***

      Passwords must meet complexity requirements defined by the i2b2 Administrator. The requirements will be enforced when users change their passwords. A new error message will display if users do not meet the requirements when entering their new password.


      NEW PARAMETER

      A new Global Parameter was created to support the Enforce Complex Passwords feature. The new parameter is set within PM_GLOBAL_PARAMS table and will define the password complexity requirements. Once the parameter has been entered the feature will be turned on and all users will be required to follow the new requirements the next time they change their password. The only exception is when the password is set by the i2b2 Administrator from within the i2b2 Admin Module.

                                   Parameter Name: PM_COMPLEX_PASSWORD
                                   Parameter Value: [string of requirement variables]
                                   Parameter Data Type: Text


      COMPLEX REQUIREMENT VARIABLES

      When setting the parameter value for PM_COMPLEX_PASSWORD, each requirement is defined as an independent variable that is stored as a string in the VALUE column of the PM_GLOBAL_PARAMS table. Below are a list of the variables and the associated requirement that will be enforced.

                VARIABLES REQUIREMENT
                (?=.*[0-9]) Numbers (0-9)
                (?=.*[a-z]) Lower case letters (a-z)
                (?=.*[A-Z]) Upper case letters (A-Z)
                (?=.*[)(;:}{,.><!@#$%^&+=]) Special characters ()(;:}{,.><!@#$%^&+=)
                (?=\S+$).{8,} Password is a string and must be 8 characters

      The (?=\S+$).{8,} variable is always required when setting the PM_COMPLEX_PASSWORD parameter. The system needs to know that password is a string and the length of password. You do have the option to change the length to be greater or lesser than 8 characters.


      NEW ERROR MESSAGE

      The following error message will display if the user's new password doesn't meet the requirements.

                   Password Requirements
                        Be at least 8 characters

                        Must contain
                              - upper case letters (A-Z)
                              - lower case letters (a-z)
                              - numbers (0-9)
                              - special character (,.!@()}{#$%^&+=)
                  
                        Must NOT contain
                              - spaces
                              - start or end with a special character

      Attachments

        Issue Links

          Activity

            People

              jmd86 Janice Donahoe
              jmd86 Janice Donahoe
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: