We are planning an external facing SAP e-recruitment site. Our security advisers have recommended that we enforce a minimum length for the SU01 login alias. I'm not sure it is possible using, for instance, SAP rz10 parameters. There's plenty for minimum password length, etc which we have implemented but nothing I can see for min alias length.
Any thoughts on this?