Password/MFA Policy

Allow Administrators to ensure user passwords meet NIST guidelines and also enforce MFA.

Could the password policy be configurable or enforced as below by administrators?

• Enforce MFA, rather than allow users to turn on/off as they wish.

• Maximum password age: 60 Days

• Enforce password history: 10 passwords remembered

• Minimum password length: 8 characters

• Account lockout threshold to a sufficiently high value of 10 attempts to ensure users can accidentally mistype their password several times before their account is locked, but which still ensures that a brute force password attack will lock the account.

• Password complexity requirements: Enabled

• The Minimum Password Age should be set to 1 or more to ensure that the account password cannot be immediately changed after reset or selection of a new password, and is changed after 24 hrs.

Further, disable the ability for users to “remember this setting on this device”, if possible.

  • Callum Middleton
  • Apr 8 2024
  • Will not implement
Idea Benefit: Increase security to meet generally accepted best practice.
How do you solve for this problem today? N/A. Security does not meet requirements.
Product Variant: Sage 200 Standard
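An added illustration, not part of the request above nor of any Sage 200 code, of how the listed settings combine into one enforcement path (password change checks, then login with lockout, forced MFA and expiry), written in Python. The reason strings, the "three of four character classes" complexity rule and the unsalted SHA-256 history hash are assumptions chosen for brevity; a real system would use a salted password hash such as argon2 or bcrypt.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Policy values exactly as listed in the request (assumed tenant-wide).
MAX_AGE = timedelta(days=60)        # maximum password age
MIN_AGE = timedelta(days=1)         # minimum password age (24 hrs)
HISTORY = 10                        # passwords remembered
MIN_LENGTH = 8                      # minimum password length
LOCKOUT_THRESHOLD = 10              # failed attempts before lockout

def _h(pw: str) -> str:
    # Assumption: SHA-256 stands in for a proper salted password hash.
    return hashlib.sha256(pw.encode()).hexdigest()

def is_complex(pw: str) -> bool:
    """Complexity: at least three of lower, upper, digit, symbol (assumed rule)."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return sum(classes) >= 3

@dataclass
class Account:
    mfa_enrolled: bool = False
    failed_attempts: int = 0
    locked: bool = False
    last_change: Optional[datetime] = None
    history: List[str] = field(default_factory=list)   # hashes of past passwords

def change_password(acct: Account, new_pw: str, now: datetime) -> Tuple[bool, str]:
    """Apply length, complexity, history and minimum-age rules to a change request."""
    if len(new_pw) < MIN_LENGTH:
        return False, "too short"
    if not is_complex(new_pw):
        return False, "complexity"
    if _h(new_pw) in acct.history[-HISTORY:]:      # only the last 10 are remembered
        return False, "reused"
    if acct.last_change is not None and now - acct.last_change < MIN_AGE:
        return False, "changed too recently"
    acct.history.append(_h(new_pw))
    acct.last_change = now
    return True, "ok"

def login(acct: Account, pw_ok: bool, mfa_ok: bool, now: datetime) -> str:
    """Lockout counts failures before anything else; MFA is mandatory, not optional."""
    if acct.locked:
        return "locked"
    if not pw_ok:
        acct.failed_attempts += 1
        if acct.failed_attempts >= LOCKOUT_THRESHOLD:
            acct.locked = True
            return "locked"
        return "bad password"
    acct.failed_attempts = 0
    if not acct.mfa_enrolled:
        return "mfa enrolment required"     # enforced, not user-selectable
    if not mfa_ok:
        return "mfa failed"
    if acct.last_change is None or now - acct.last_change > MAX_AGE:
        return "password expired"
    return "ok"
```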