Skip to Main Content
Sage 200 UKI Ideas Portal
Status Will not implement
Created by Callum Middleton
Created on Apr 8, 2024

Password/MFA Policy

Allow Administrators to ensure user passwords meet NIST guidelines and also enforce MFA.

Could the password policy be configurable or enforced as below by administrators?

• Enforce MFA, rather than allow users to turn on/off as they wish.

• Maximum password age: 60 Days

• Enforce password history: 10 password remembered

• Minimum password length: 8 characters

• Account lockout threshold to a sufficiently high value of 10 attempts to ensure users can accidentally mistype their password several times before their account is locked, but which still ensures that a brute force password attack will lock the account.

• Password complexity requirements: Enabled

• The Minimum Password Age should be set to 1 or more to ensure that the account password cannot be immediately changed after reset or selection of a new password, and is changed after 24 hrs.

Further to disable the ability for users to “remember this setting on this device” if possible.

Idea Benefit Increase security to meet generally accepted best practice.
How do you solve for this problem today? N/A. Security does not meet requirements.
Product Variant Sage 200 Standard