Password policy | Community
Level 2
August 3, 2016
Solved

Password policy

  • August 3, 2016
  • 8 replies
  • 7973 views

Hi,

The questions below were raised by the security audit team. We are using CQ 5.6.1. Is there any way to configure and define the password policy?

  • Password length should be minimum 8 characters.
  • Password complexity should be in place.
  • Last 5 passwords should not be used.
  • Password age should be 45 days.
  • User IDs to be locked after 5 unsuccessful login attempts. Also, the user should be auto logged off if there is no activity in a certain time frame, which should be configurable.
  • In case of new password allocation, administrator should provide temporary password to user and send confirmation mail after password allocation.
  • Forced password change on first login.

Regards,

Deepak

8 replies

Jitendra_S_Toma
Level 10
August 3, 2016

Deepak,

What do you mean by configuration? These are simple text messages for the end user, and can be put in using the RTE. Now, whether the user follows these instructions or not is part of the validation, and validation (server side/client side) would render these messages.

If there is a case where you don't want an author to put the same text in multiple places, then move it to some admin pages and read that common content. This way, it seems you need to do some extra work.

Regards,

Jitendra

Level 2
August 3, 2016

Hi Jitendra,

I am talking about ACL (user management): when you create a user, there is no option to set the password policy for the user to log in.

Regards,

Deepak

Tuhin_Ghosh
Level 8
August 3, 2016

Hi Deepak,

 

Please find the below article, this might be helpful for getting you started. After that you can amend as required.

http://experience-aem.blogspot.com.au/2015/09/aem-61-classic-ui-implementing-simple-password-policy.html

Level 2
August 3, 2016

Thanks for your response. I am using CQ 5.6.1. Do you have any reference?

Also would like to change the user inactive timeout. If the user is idle for 5 mins, then the system should log him out.

Tuhin_Ghosh
Level 8
August 3, 2016

Though this is for AEM 6.1, it is for the classic UI, so it should also work for 5.6.1. Kindly try to implement it and see if this works for you.

Level 2
August 3, 2016

Thanks I will check this option.

Would like to change the user inactive timeout. If the user is idle for 5 mins, then the system should log him out. How can we achieve this?

kautuk_sahni
Community Manager
August 3, 2016

Hi 

Answering your first question, 

Validation can be achieved by implementing custom validation using JavaScript.

As is done in the link mentioned by Tuhin: http://experience-aem.blogspot.in/2015/09/aem-61-classic-ui-implementing-simple-password-policy.html

Second question, on timeout: You can achieve this with session timeout.

Link: http://aemfaq.blogspot.in/2014/10/how-to-set-timeout-for-login-token.html

Link: http://www.tothenew.com/blog/setting-the-timeout-interval-of-a-httpsession/

Thanks and Regards

Kautuk Sahni
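
The audit items from the question written as validation logic, as an added example that is not code from this thread, from the linked articles, or from AEM/CQ. The values 8, 5 passwords, 45 days and 5 attempts come from the question; the account fields, the `verify` callback and the three-of-four character-class reading of "complexity" are assumptions.

```javascript
// Added example: thresholds from the audit list; minClasses is an assumed definition of "complexity".
const POLICY = { minLength: 8, minClasses: 3, historyDepth: 5, maxAgeDays: 45, maxFailures: 5 };
const DAY_MS = 24 * 60 * 60 * 1000;

// Count how many character classes (lower, upper, digit, symbol) appear in the password.
function classCount(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter((re) => re.test(pw)).length;
}

// Return the list of violations for a proposed password; an empty list means accepted.
// verify(candidate, storedHash) is a hypothetical callback that checks the candidate
// against one stored password hash, so history is compared without keeping plaintext.
function checkNewPassword(candidate, account, verify, policy = POLICY) {
  const violations = [];
  if (candidate.length < policy.minLength) violations.push("too_short");
  if (classCount(candidate) < policy.minClasses) violations.push("too_simple");
  const recent = account.passwordHistory.slice(-policy.historyDepth);
  if (recent.some((h) => verify(candidate, h))) violations.push("reused");
  return violations;
}

// Decide what the login flow must do for this account at time `now` (ms since epoch).
function accountState(account, now, policy = POLICY) {
  if (account.failedLogins >= policy.maxFailures) return "locked";
  if (account.temporaryPassword) return "must_change"; // admin-issued password, first login
  if (now - account.passwordSetAt > policy.maxAgeDays * DAY_MS) return "expired";
  return "ok";
}

// Constructed sample data; "hash:" + password stands in for a real password hash.
const sampleVerify = (candidate, stored) => stored === "hash:" + candidate;
const sampleAccount = {
  passwordHistory: ["hash:Spring#2015a", "hash:Summer#2015b", "hash:Autumn#2015c",
                    "hash:Winter#2015d", "hash:Spring#2016e", "hash:Summer#2016f"],
  passwordSetAt: Date.UTC(2016, 5, 1), // 1 June 2016
  failedLogins: 0,
  temporaryPassword: false,
};
```

Run these checks on the server that stores the credential; a browser-side copy only gives the user earlier feedback and does not enforce the policy.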

Deepaks007, Author, Accepted solution
Level 2
August 3, 2016

Hey, managed to do it myself, it's pretty easy.

1. Go to Config manager and search for "DAY CQSE HTTP Service"; the default session timeout is 10 mins, and you can change it as per the requirement.

Hope this will help others.