Password policy settings

Service Center
On our radar
In both ServiceCenter and Users
Created on 21 Feb 2012
Comments (12)
Can you give an example what you would like regarding this subject?
Normal policies:
- Don't allow passwords already used by the user (password history)
- Password maximum age
- Password minimum complexity and length
- Password lockage by attempted failed logins

You can use external authentication to have password policies for the users.
External authentication for Lifetime is coming soon.

Just a hint, if you can't wait for an enhancement in future versions.. You could overwrite the Change Password Screens / Actions reusing, partially, the native OS logics and implementing your own.
Hi Guys,

Any where I can set password complexity for Lifetime and Servicecenter?
There are no built-in features for this.  As the previous posts state you must use an external authentication mechanism or write yur own logic for the password screens.  There are several Forge components that interface with external mechanisms such as LDAP.

Hope this helps,
It's becoming a serious issue.

Even if you want to enforce a password-policy, there is no way to alter the change-password inside the Users-espace

From the user eSpace itself this isn't possible, but you can write you own password logic and save this as the password for the user (by using the getForUpdate action from user entity with the encrypt() system function).
@Evert, true, but you have to disable the Users-espace for that (one thing I didn't knew was possible)
Hello Statler,

I thought it's also possible without setting it on disable? But maybe when users isn't the user provider eSpace?

Kind regards,

I think this is a must have feature. Considering the fact that all high privileges accounts are being created either in service center or lifetime, there should be a password policy in place. I don't understand why there are no many votes on this idea, is everyone using an external directory ?  

Yes, this needs to be available as part of OutSystem feature rather than relying on external authentication.