Oct 10, 2008 at 06:15 PM

Security policy: misleading message to enduser

In our SAP NetWeaver Portal we have defined a new security policy. As a part of this we have set the "Minimum Number of Alphanumeric Characters in Password" at 1.

When an end-user defines a new password violating this setting, the message which is shown is "Ongeldig nieuw password. Password moet minstens 1 alfanumerieke tekens bevatten." (in the Dutch language, which translates as "Invalid new password. Password requires at least 1 alphanumeric characters.").

The phrase "Number of Alphanumeric Characters" is misleading. What is intended is "Number of letters and number of digits". When a user defines as his new password "Abcdefghi" the message suggests the password must contain at least 1 alphanumeric character, while in reality it contains 8 alphanumeric characters.

Is it possible to change at least this message shown to the end-user? The message should read something like "Invalid new password. Password requires at least 1 letters and 1 digits." (in Dutch "Ongeldig nieuw password. Password moet minstens 1 letters en 1 cijfers bevatten").

Kind regards,