I don't know, but just (or: exactly!) 8 characters for a password seems really, really short, doesn't it?
And SAP Cloud Identity also "protects" all those HCP accounts, right? (Can you mine bitcoin on HCP? -> might be an evil business opportunity there...)
Can you maybe somehow disable Password-Login altogether and only log in with certificates?!
Oh well... off into the weekend!
Best
Joachim
I also like:
This is to avoid people creating such long passwords they can't remember and then put it via post-its on the monitor! So... security! ;)
I remember having stumbled over that months ago - and it took a while until I really understood the meaning of "exactly", as I simply could not imagine such a restriction in 201x.
The good thing is "TOO-DUM8" seems valid, in contrast "wor!d class1", "c0mmon-sense" or "l0west-securi!y-standards" are way too long, apparently.
This question of why the cloud identity password has to be exactly 8 characters has come up before (https://archive.sap.com/discussions/thread/3701103). The answer is that it's tied to the Service/Support Marketplace/Portal, and in the mix of systems that work with that there are still some older R/3 systems that can't handle a password longer than 8 characters. They also convert everything to uppercase -- they can't handle mixed-case passwords -- and thus the reason why the password today is case-insensitive. So, they've forced you to use that maximum -- 8 -- as the best they can do, but until they upgrade or retire the oldest systems that are still part of the mix, they can't allow anything longer, or require true mixed-case.
I changed my password to "incorrect" so whenever I forget what it is
computer will say "your password is incorrect"
:)
P@SSW0RD - nailed it! :)
Can you maybe somehow disable Password-Login altogether and only log in with certificates?!
FWIW, I don't think that would really improve security: AFAIK you need the password to create a new SAP Passport (aka client certificate), so anybody with access to your password could still create a new passport for your account and could log in here that way, even if login via password were disabled.
----------------------------------------------
(That being said, I'd recommend logging in here via passport in order to avoid having to type the password and to prevent keylogging, but someone with access to my keyboard could probably also get my certificates as well...)