Allow Administrators to ensure user passwords meet NIST guidelines and also enforce MFA.
Could the password policy be configurable or enforced as below by administrators?
• Enforce MFA, rather than allow users to turn on/off as they wish.
• Maximum password age: 60 Days
• Enforce password history: 10 passwords remembered
• Minimum password length: 8 characters
• Account lockout threshold to a sufficiently high value of 10 attempts to ensure users can accidentally mistype their password several times before their account is locked, but which still ensures that a brute force password attack will lock the account.
• Password complexity requirements: Enabled
• The Minimum Password Age should be set to 1 or more to ensure that the account password cannot be immediately changed after reset or selection of a new password, and is changed after 24 hrs.
Further, disable the ability for users to “remember this setting on this device” if possible.
Idea Benefit | Increase security to meet generally accepted best practice.
How do you solve for this problem today? | N/A. Security does not meet requirements.
Product Variant | Sage 200 Standard
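As an added illustration (not Sage's code; the policy values are the ones requested in the idea above, while the account structure and function names are assumptions), a small Python model that enforces those settings and shows what is refused and when an account locks:

```python
import hashlib
import hmac
import os

# Policy values from the idea post; Sage 200's real implementation is not
# known here, so this is an illustrative model only.
MAX_AGE_DAYS = 60        # maximum password age
MIN_AGE_DAYS = 1         # minimum password age
HISTORY_SIZE = 10        # passwords remembered (current one included)
MIN_LENGTH = 8           # minimum password length
LOCKOUT_THRESHOLD = 10   # failed attempts before lockout

def _kdf(password, salt):
    # Salted, slow hash so stored history cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_ok(password):
    # Windows-style complexity rule: at least three of four character classes.
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    return len(password) >= MIN_LENGTH and sum(classes) >= 3

def new_account(password, now_days):
    salt = os.urandom(16)   # per-account salt (assumed storage layout)
    return {"salt": salt, "hash": _kdf(password, salt), "changed": now_days,
            "history": [], "failures": 0, "locked": False}

def must_change(acct, now_days):
    return now_days - acct["changed"] >= MAX_AGE_DAYS

def change_password(acct, new_password, now_days):
    """Return None if the change is accepted, else the reason it is refused."""
    if now_days - acct["changed"] < MIN_AGE_DAYS:
        return "minimum password age not reached"
    if not complexity_ok(new_password):
        return "length/complexity requirements not met"
    h = _kdf(new_password, acct["salt"])
    if any(hmac.compare_digest(h, old) for old in [acct["hash"]] + acct["history"]):
        return "password reused within last %d" % HISTORY_SIZE
    # Current hash plus up to HISTORY_SIZE-1 previous hashes are remembered.
    acct["history"] = [acct["hash"]] + acct["history"][:HISTORY_SIZE - 2]
    acct["hash"], acct["changed"] = h, now_days
    return None

def attempt_login(acct, password):
    if acct["locked"]:
        return "locked"
    if hmac.compare_digest(_kdf(password, acct["salt"]), acct["hash"]):
        acct["failures"] = 0
        return "ok"
    acct["failures"] += 1
    if acct["failures"] >= LOCKOUT_THRESHOLD:
        acct["locked"] = True
        return "locked"
    return "denied"
```

Times are plain day counts so the age rules are easy to follow; a real system would use timestamps and an audited unlock path.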
Thanks for the comment Stuart. If you have a look at the individual ideas you can see what is happening with them; 8 ideas in 1 makes it tricky to keep people informed.
Please never do any of this!
Thanks for the idea, I've split them into 6 separate ideas in order that they can be tracked and responded to in a more seamless way.
You can use the links below to access:
Password/MFA Policy - enforce MFA
Password/MFA Policy - password age
Password/MFA Policy - enforce password history
Password/MFA Policy - password length & complexity
Password/MFA Policy - account lockout threshold
Password/MFA Policy - remember this device