Hi guys,

I am trying to look for a solution to have some sort of password complexity check for users within the system.

But the problem is that we cannot customize the OS page where we change password, and once the password is stored it is hashed so no way to check afterwards.

Any idea how I can go around this?


Kelvin

Hi Kelvin,

To accomplish that you need to create your own password change. An option your be opening users and copy the existing webblock to one of your modules. You will have a couple of errors that you will need to fix some but just removing or create your own actions. when everything is solved you can start using this password change instead and do any further changes that you need to do the password complexity check.

if you try this method and you find any problem you can't solve let us know.

Regards,

Marcelo

Marcelo Ferreira wrote:

Hi Kelvin,

To accomplish that you need to create your own password change. An option your be opening users and copy the existing webblock to one of your modules. You will have a couple of errors that you will need to fix some but just removing or create your own actions. when everything is solved you can start using this password change instead and do any further changes that you need to do the password complexity check.

if you try this method and you find any problem you can't solve let us know.

Regards,

Marcelo

Hi Marcelo,

Thanks for the reply. Just to clarify that I am actually referring to passwords for lifetime users. 

Will the way of doing still the same?


Kelvin

Hi,

For lifetime is not like that. To be honest I don't know a way of doing it. I will check around to see if I find someone that knows how to do it.

Regards,

Marcelo

Kelvin wrote:

Hi guys,

I am trying to look for a solution to have some sort of password complexity check for users within the system.

But the problem is that we cannot customize the OS page where we change password, and once the password is stored it is hashed so no way to check afterwards.

Any idea how I can go around this?


Kelvin

Hey Kelvin,

By using the LifeTime APIs (http://<InfrastructureManagementEnvironment>/LifeTimeServices/UserManagementService.asmx?WSDL)

you can create new "developers" accounts. This means you can then create your own page/screen to create LifeTime users and manage the complexity of the password on your own by using RegExp or check the complexity before encrypting.

Hopefully this helps ;)

Cheers

Ruben Bonito

In addition to Ruben's very good solution, you can also add two factor authentication: https://www.outsystems.com/forge/component-overview/5821/multi-factor-authenticator