Allow Administrators to ensure user passwords meet NIST guidelines and also enforce MFA.
Could the password policy be configurable or enforced as below by administrators?
• Enforce MFA, rather than allow users to turn on/off as they wish.
• Maximum password age: 60 Days
• Enforce password history: 10 passwords remembered
• Minimum password length: 8 characters
• Account lockout threshold set to a sufficiently high value of 10 attempts to ensure users can accidentally mistype their password several times before their account is locked, but which still ensures that a brute force password attack will lock the account.
• Password complexity requirements: Enabled
• The Minimum Password Age should be set to 1 or more to ensure that the account password cannot be immediately changed after reset or selection of a new password, and is changed after 24 hrs.
Further, disable the ability for users to “remember this setting on this device” if possible.
Idea Benefit | Increase security to meet generally accepted best practice. |
How do you solve for this problem today? | N/A. Security does not meet requirements. |
Product Variant | Sage 200 Standard |
Thanks for the comment, Stuart. If you have a look at the individual ideas, you can see what is happening with them; 8 ideas on 1 makes it tricky to keep people informed.
Please never do any of this!
Thanks for the idea. I've split them into 6 separate ideas so that they can be tracked and responded to in a more seamless way.
You can use the links below to access:
Password/MFA Policy - enforce MFA
Password/MFA Policy - password age
Password/MFA Policy - enforce password history
Password/MFA Policy - password length & complexity
Password/MFA Policy - account lockout threshold
Password/MFA Policy - remember this device