Uploaded image for project: 'mod-login'
  1. mod-login
  2. MODLOGIN-38

Technical Design: Local Password Rules Parameters/Configuration

    XMLWordPrintable

Details

    • Story
    • Status: Closed (View Workflow)
    • P3
    • Resolution: Done
    • None
    • None
    • EPAM Sprint 1, EPAM Sprint 2
    • 5
    • Folijet
    • Large < 10 days
    • Depends on where configuration lies. Tenant level may represent default configuration and in a future release, will support the ability for tenants to make updates via UI.
    • Medium < 5 days

    Description

      As a Folio System Administrator
      I want to enforce strong local password rules
      So that the ability for someone to illegally access or brute force attack Folio is minimized.

      Requirement

      • Implementation needs to be flexible to make global password requirement updates (e.g. minimum requirement)
      • Implementation need to be flexible to support tenant level password requirement updates based on an institution's requirements.
      • For users that had access when no password rules were implemented, ensure that have access as long as status = active.
        • if the status changed from inactive to active then force the user to comply with current password requirements.
        • Otherwise all new users must comply with new rules

      Valid password requirement rules

      • Has a minimum 8 characters (frontend)
      • Contains both lowercase and uppercase letters (frontend)
      • Contains at least one numeric character (frontend)
      • Contains at least one special character (frontend)
      • Is not your username (backend)
      • Is not on the bad passwords list(s) (UIU-509) (frontend)
      • Cannot be a word in a TBD dictionary (UIU-509) (frontend)
      • Is not a keyboard sequence (ex. 123456) (frontend)
      • Is not the same character (ex. BBBBBBB) (frontend)
      • Is not one of the last 10 previously used password (UIU-510) (backend)

      TestRail: Results

        Attachments

          Issue Links

            is blocked by

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-31 Extend mod-login with the ability to update user's own password

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-33 Prevent Local Password Re-Use (at least the last 10 passwords)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-35 Select a bad password list(s)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODPWD-32 Do not use password complexity requirements

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODPWD-35 Drop keyboard sequence and repeating symbols password substring requirements. And update white space character password rule

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODPWD-51 Implement a bad password list(s)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. STSMACOM-338 Handle error message for a new password validation rule

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIMPROF-13 Change Password: Prevent Local Password Re-Use (at least the last 10 passwords)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIMPROF-20 Implement a Password Strength Meter

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIU-516 Spike: Select a Password Strength Meter

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            New Feature - New feature requests UXPROD-39 Local password management

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-47 Create Validator Registry component

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-50 Create Validation Manager Component

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGIN-57 Create password validation rules (RegEx)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODPWD-4 Create Validator engine (Backend validator) Component

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODPWD-5 Create mod-password-validator module

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODPWD-6 Initial ruleset for a tenant

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODUSERBL-43 mod-users-bl: add endpoint to change user password

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. STCOR-273 Local Password Management: Create/Reset a Password Screen

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIMPROF-12 Add password validator functionality to Change password page

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                kgambrell Khalilah Gambrell
                kgambrell Khalilah Gambrell
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases