Password validation
I want to know what kind of Password validation we have.
I set on security policy "Minimum numeric [0-9] characters required in operator password" , "Minimum alphabetic [a-zA-Z] characters required in operator password", "Maximum unique historical operator passwords".
But it seems that there are other validations when I tried to change password.
For example, in the case operatorID is Samplebank and tried to change password as Samplebank01, it returns error.
***Updated by moderator: Lochan to add SR details***
Accepted Solution
Infosys Japan
JP
The error message shown in change password screen is generic which is "Failed to change password", but upon hovering on a field, the actual reason is shown.
The error message shown in change password screen is generic which is "Failed to change password", but upon hovering on a field, the actual reason is shown.
In this case error message was "** User ID and password are too similar". Upon changing password, operator record is saved and pyPwdCurrent has validate rule "pzValidateOperPassword" defined on it which gets fired upon save. "pzValidateOperPassword" does no validations when password is not changed and when security policies are disabled , but has "Password should not have more than 3 similar characters as Operator ID" as one of the validation , when security policies is enabled.
In this case user identifier and password have similar characters hence the failure occurs. For example in our case, The operator id is tokyobank and am trying to change the password JapanBank01. Here the highlighted characters are matching the validation for "Password should not have more than 3 similar characters as Operator ID" . Also this validation will occur only on the “Enable Security Policies” checkbox is checked. So PRPC showing the error message. So, we confirmed that this is an expected behavior.
Pegasystems Inc.
IN
Hi,
Worth to go through this article: https://pdn.pega.com/how-configure-login-security-and-password-policies
Pegasystems Inc.
JP
Hi, this information is no enough.
I read the link but I couldn't find any description which said password can not include operator ID.
Customer wants to know specific information of password validation but I can't find any article.
Accepted Solution
Infosys Japan
JP
The error message shown in change password screen is generic which is "Failed to change password", but upon hovering on a field, the actual reason is shown.
The error message shown in change password screen is generic which is "Failed to change password", but upon hovering on a field, the actual reason is shown.
In this case error message was "** User ID and password are too similar". Upon changing password, operator record is saved and pyPwdCurrent has validate rule "pzValidateOperPassword" defined on it which gets fired upon save. "pzValidateOperPassword" does no validations when password is not changed and when security policies are disabled , but has "Password should not have more than 3 similar characters as Operator ID" as one of the validation , when security policies is enabled.
In this case user identifier and password have similar characters hence the failure occurs. For example in our case, The operator id is tokyobank and am trying to change the password JapanBank01. Here the highlighted characters are matching the validation for "Password should not have more than 3 similar characters as Operator ID" . Also this validation will occur only on the “Enable Security Policies” checkbox is checked. So PRPC showing the error message. So, we confirmed that this is an expected behavior.