Former Member

Implement Complex Passwords

Hi-

We are trying to determine the impact of changing the password parameters so that the SAP ECC 6.0 version will require complex passwords. The settings we would like to change are:

1. login/min_password_digits

2. login/min_password_letters

3. login/min_password_lowercase

4. login/min_password_specials

5. login/min_password_uppercase

Basically, we are wondering what will happen to users whose passwords are not "complex". Will their existing passwords be "rejected", meaning they will be forced to create complex passwords right away? Will their passwords expire and have to be reset manually by security? Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?


4 Answers

  • Best Answer
    Oct 27, 2009 at 12:07 AM

    Hi,

    You can control the password policy check using the parameter login/password_compliance_to_current_policy (since NW7.0). Have a look at the parameter documentation in RZ11. Also have a look at note 2467.

    Cheers


  • Former Member
    Oct 27, 2009 at 07:52 AM

    > Basically, we are wondering what will happen to users whose passwords are not "complex".

    > 1 Will their existing passwords be "rejected", meaning they will be forced to create complex passwords right away?

    > 2 Will their passwords expire and have to be reset manually by security?

    > 3 Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?

    I believe number 3 will be the case. Unless you also tamper with the validity period.

    Jurjen

    Oh, yeah, and they will write down their new passwords (which they can no longer remember) on post-it notes. Besides that, they'll hate your guts so make sure you can blame someone else 😉


  • Former Member
    Oct 27, 2009 at 08:05 AM

    Hi,

    Set this parameter as well: login/password_expiration_time

    Once the set period is over, the system prompts for a password change, and then your complex user settings come into play. Till then the users can continue with their existing passwords.

    This is as per my experience at my work place.

    Regards,

    Brahmeshwar


  • Oct 29, 2009 at 03:31 PM

    > Or, will they be forced to use complex passwords on their next, scheduled or user selected password change?

    ... unless you set login/password_compliance_to_current_policy to value 1

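Added example, not part of the original thread and not SAP code: a small Python check that reads profile-style `name = value` lines and reports, following the answers above, when existing non-compliant passwords would have to be replaced. The sample values, the function names, and treating a parameter that is absent from the text as 0 are assumptions; confirm effective values in RZ11.

```python
import re

COMPLEXITY = (
    "login/min_password_digits",
    "login/min_password_letters",
    "login/min_password_lowercase",
    "login/min_password_specials",
    "login/min_password_uppercase",
)
COMPLIANCE = "login/password_compliance_to_current_policy"
EXPIRATION = "login/password_expiration_time"

# Constructed sample profile text, not taken from a real system.
SAMPLE_PROFILE = """\
# constructed example values
login/min_password_digits = 1
login/min_password_uppercase = 1
login/min_password_specials = 1
login/password_expiration_time = 90
"""

def parse_profile(text):
    """Return {parameter: int} for 'name = value' lines; '#' starts a comment."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(\S+)\s*=\s*(\d+)", line)
        if m:
            params[m.group(1)] = int(m.group(2))
    return params

def rollout_impact(params):
    """Summarise when existing non-compliant passwords get replaced."""
    # Assumption: a parameter missing from the parsed text counts as 0 here.
    active = [p for p in COMPLEXITY if params.get(p, 0) > 0]
    if not active:
        return active, "no complexity rule set; existing passwords unaffected"
    if params.get(COMPLIANCE, 0) == 1:
        return active, "non-compliant passwords must be changed at next logon"
    days = params.get(EXPIRATION, 0)
    if days > 0:
        return active, f"rules apply at next password change; expiry after {days} days"
    return active, "rules apply only when a user next changes the password"

if __name__ == "__main__":
    rules, impact = rollout_impact(parse_profile(SAMPLE_PROFILE))
    print("active rules:", ", ".join(rules))
    print("impact:", impact)
```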