
"Your password is not secure enough!"

Hi folks,

>> Opening SCN, SSO seems not to work, clicking on "Log On"

>> "SAP Identity Cloud says your Password is not secure enough, please change it now"

>> Guidelines: Your new password must be exactly 8 characters long....

>> 8 characters

>> 8

>> not secure enough, must be exactly 8 characters

So, hands up, kids, who wants to be brute-forced first? I assume I'll need a little less than three weeks for any of you (including myself)...

Cheers, Lukas


3 Answers

  • Feb 23, 2015 at 01:20 PM

    Hi Lukas,

    the ancient password requirements come from the fact that this is an s-user and the user is managed by the Service Marketplace. Because this is still a fairly old R/3 based system, these password requirements still exist there.

    For one, there is a protection against brute force attacks, where some amount of failed login requests will block the ability to log in for a day or so (don't have specific info on this).

    Second, there is an upgrade of SMP in the works, which will hopefully bring the password requirements to the latest standards.

    Best,

    Oliver


  • Feb 20, 2015 at 12:36 PM

    http://xkcd.com/936/

    Sums up perfectly everything that is wrong with using stringent password requirements.


  • Feb 20, 2015 at 12:15 PM

    Yeah, those password settings are rather strange. I remember cursing it when I tried to change my password some months back and had to keep making it simpler. That was fun...


    • Former Member Lukas Weigelt

      Actually it was by default like that in SAP as well until a while ago and changed only for new installations. Password compatibility with legacy system truncated the password at the 8th character and converted alphabetical characters to upper case.

      Perhaps a 4.6C system is still in the SCN infrastructure as middleware and hence the backward compatibility is needed?

      Cheers,

      Julius
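
The truncation and upper-casing behaviour described in the last comment, shown as an added example that is not part of the original thread: it groups passwords that become identical under those rules and compares the search space before and after. The alphabet sizes (94 printable ASCII characters, 68 after case folding), the function names and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

LEGACY_MAX_LEN = 8  # truncation point named in the thread


def legacy_normalize(password: str) -> str:
    """Apply the legacy rules from the thread: keep the first 8
    characters and convert letters to upper case."""
    return password[:LEGACY_MAX_LEN].upper()


def collision_groups(passwords):
    """Return {normalized form: [originals]} for every normalized form
    shared by more than one distinct input password."""
    groups = {}
    for pw in passwords:
        groups.setdefault(legacy_normalize(pw), []).append(pw)
    return {norm: pws for norm, pws in groups.items() if len(pws) > 1}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


# Assumed alphabets: printable ASCII without space, before and after folding.
MIXED_CASE = len(string.ascii_letters + string.digits + string.punctuation)
FOLDED = len(string.ascii_uppercase + string.digits + string.punctuation)

# Constructed sample passwords, not taken from any real system.
SAMPLES = [
    "Summer2015!",
    "summer2014?",
    "SUMMER20",
    "Winter2015!",
    "correct horse battery staple",
]

if __name__ == "__main__":
    for norm, originals in collision_groups(SAMPLES).items():
        print(f"{norm!r} is accepted for: {originals}")
    print("passphrase stored as:", repr(legacy_normalize(SAMPLES[-1])))
    print(f"16 random mixed-case chars as typed: "
          f"{entropy_bits(MIXED_CASE, 16):.1f} bits")
    print(f"8 random mixed-case chars:           "
          f"{entropy_bits(MIXED_CASE, 8):.1f} bits")
    print(f"what the legacy rules can retain:    "
          f"{entropy_bits(FOLDED, LEGACY_MAX_LEN):.1f} bits")
```

Under these rules a long passphrase contributes only its first eight characters, so length-based advice such as the linked xkcd strip gives no benefit on a system that still truncates.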