Password Strength

For sites migrating from a previous version of Ostendo where this new Password functionality did not exist, they can choose to implement advanced security or simply continue using their present password structure. Advanced Password options are either activate or inactive for a site in total.

In previous versions of Ostendo when the default password of'pass'was initially set, users were never be forced to change this password which could leave sensitive areas of Ostendo exposed to users who should not have access.

IfNOPassword strength rules are defined, Ostendo will behave the same way it has in previous versions. ie: allow any existing user to log on with their current password.(lowercase is allowed)

If'ANY'Password Strength rule is defined, then existing users must type their existing password inUPPERCASE. If that current password does not meet the defined Password Strength rules, they will be forced immediately to change their password to one that meets the current criteria defined in the Password Strength. When advanced security is defined, passwords are case sensitive

Ostendo has the concept of setting and using a global password strength. This ensures that when a user sets their password, it is of enough strength the organisation requires.

This screen allows Administrators to define their organisations default password strength attributes.

The password strength attributes can be defined as follows: