How to setup Password Security?

Print this post

 

Signon Password Failure Limit The Signon Password Failure Limit profile option determines the maximum number of login attempts before the user's account is disabled. Users cannot see or update this profile option. The internal name for this profile option is SIGNON_PASSWORD_FAILURE_LIMIT. Signon Password Hard to Guess The Signon Password Hard to Guess profile option sets rules for choosing passwords to ensure that they will be "hard to guess." A password is considered hard-to-guess if it follows these rules: . The password contains at least one letter and at least one number. . The password does not contain the username. . The password does not contain repeating characters. Users can see but not update this profile option. The internal name for this profile option is SIGNON_PASSWORD_HARD_TO_GUESS. Signon Password Length Signon Password Length sets the minimum length of an Applications signon password. If no value is entered the minimum length defaults to 5. Users can see but not update this profile option. The internal name for this profile option is SIGNON_PASSWORD_LENGTH. Signon Password No Reuse This profile option specifies the number of days that a user must wait before being allowed to reuse a password. Users can see but not update this profile option. The internal name for this profile option is SIGNON_PASSWORD_NO_REUSE. Signon Password Case This profile option is not available from the beginning. With 11i.ATG_PF.H RUP3  comes the system profile 'Password Case Option' After 11i.ATG_PF.H.RUP4  this system profile option was renamed to  'Signon Password Case'. There are two settings: 'Sensitive' and 'Insensitive'. The default is 'Insensitive'. Setting this profile option to 'Sensitive' will make the password case sensitive. 'Mixed' is no longer supported. These profiles should only be set at Site level. They can be set at other levels, such as User or Responsibility. However, when logging in there is no User context, so if a User is prompted to change their password at login, the profiles are only evaluated at site level. Once logged in and resetting passwords using Preferences->Change Password, or the Security ->User->Define form these other levels will have effect and will confuse the issue. So these profiles should only be set at Site level, for consistent enforcement.