Password Management

This section contains the following topics relating to managing passwords.

Making Passwords Case Sensitive

Forcing Password Change Every 90 Days

Password Character Minimum, Include Alpha and Numeric Characters

New Passwords Cannot Match the Last Four Passwords

After 15 Minutes of Inactivity, User Must Log in Again

Making Passwords Case Sensitive

By default, passwords are case insensitive. For example, if the password is TOKEN and the user enters token, the sign-on succeeds.

If you want to make passwords case sensitive, change the value of the ek_passwordCaseSensitive element of the siteroot/web.config file from false to true.

With that change, if the password is TOKEN and the user enters token, the sign-on fails. The user must enter TOKEN to sign on successfully.

Forcing Password Change Every 90 Days

Ektron CMS400.NET has a password security feature that forces an administrator or user with the Commerce Admin role to change his password at least every ninety days. This feature is only enabled when the ek_ecom_ComplianceMode key in the site’s Web.config file is set to true.

Once such a user goes eighty-five days without changing the password, a dialog box appears at the next log-in, asking the user to change it. Users who do not want to do so at that time can click Skip, and they are allowed to do this for the next five days. Once ninety days have passed, they must change their password before they can log into Ektron CMS400.NET.

Password Character Minimum, Include Alpha and Numeric Characters

Ektron CMS400.NET has a password security feature that forces an administrator or user with the Commerce Admin role to use at least seven characters in his password. Further, the password must contain at least one alphabetic and one numeric character.

This feature is enabled only when the ek_ecom_ComplianceMode key in the site’s Web.config file is set to true.

New Passwords Cannot Match the Last Four Passwords

Ektron CMS400.NET has a password security feature that forces an administrator or user with the Commerce Admin role to create a password that does not match his last four passwords. This feature is enabled only when the site’s Web.config file has the ek_ecom_ComplianceMode key set to true and the ek_ecom_PasswordHistory key set to at least four.

You can set ek_ecom_PasswordHistory to a number higher than four if you want a higher level of security. If you set this key to less than four and the ek_ecom_ComplianceMode key is set to true, Ektron CMS400.NET enforces at least four.

After 15 Minutes of Inactivity, User Must Log in Again

Ektron CMS400.NET has a password security feature that automatically logs out an administrator or user with the Commerce Admin role after 15 minutes of inactivity. Activity is based on requests made to the server.

This feature is enabled when the ek_ecom_ComplianceMode key in the site’s Web.config file is set to true. In addition, if you are using IIS7, the line in red below needs to appear between the <modules> tags in the Web.config file. This line is a part of the default install. You should make sure it has not been removed.

<modules>
    <add name="MyDigestAuthenticationModule" type="Ektron.ASM.EkHttpDavHandler.Security.DigestAuthenticationModule, Ektron.ASM.EkHttpDavHandler" />
    <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="integratedMode" />
    <add name="EkUrlAliasModule" type="UrlAliasingModule" preCondition="integratedMode" />
</modules>

If you are using IIS 6, the line in red below needs to appear between the <httpModules> tags in the Web.config file. This line is a part of the default install. You should make sure it has not been removed.

<httpModules>
    <add name="DigestAuthenticationModule" type="Ektron.ASM.EkHttpDavHandler.Security.DigestAuthenticationModule, Ektron.ASM.EkHttpDavHandler" />
    <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <add name="EkUrlAliasModule" type="UrlAliasingModule" />
</httpModules>
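
The Web.config keys described in the sections above can be audited in one pass. The following is an added example, not Ektron code: it reports the effective password policy and flags weak settings. It assumes the ek_* keys are stored as <add key="..." value="..."/> entries under <appSettings>; the function names and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. Assumption: the ek_* keys are stored as
# <add key="..." value="..."/> entries under <appSettings>.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="ek_passwordCaseSensitive" value="false" />
    <add key="ek_ecom_ComplianceMode" value="true" />
    <add key="ek_ecom_PasswordHistory" value="2" />
  </appSettings>
</configuration>"""

def read_app_settings(xml_text):
    """Return {key: value} from <appSettings>, ignoring any XML namespace."""
    settings = {}
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.split("}")[-1] != "appSettings":
            continue
        for add in elem:
            if add.tag.split("}")[-1] == "add" and add.get("key"):
                settings[add.get("key")] = (add.get("value") or "").strip()
    return settings

def audit_password_settings(xml_text):
    """Report the effective password policy and any weak settings."""
    s = read_app_settings(xml_text)
    case_sensitive = s.get("ek_passwordCaseSensitive", "").lower() == "true"
    compliance = s.get("ek_ecom_ComplianceMode", "").lower() == "true"
    findings = []
    if not case_sensitive:
        findings.append("ek_passwordCaseSensitive is not true: TOKEN and token both sign on")
    if not compliance:
        findings.append("ek_ecom_ComplianceMode is not true: expiry, complexity, "
                        "history and inactivity logout are not enforced")
    try:
        configured = int(s.get("ek_ecom_PasswordHistory", "0"))
    except ValueError:
        configured = 0
        findings.append("ek_ecom_PasswordHistory is not a whole number")
    else:
        if configured < 4:
            findings.append("ek_ecom_PasswordHistory is missing or below four")
    # Per the text above, compliance mode enforces a history of at least four.
    effective_history = max(configured, 4) if compliance else None
    return {"case_sensitive": case_sensitive, "compliance_mode": compliance,
            "effective_history": effective_history, "findings": findings}

if __name__ == "__main__":
    for line in audit_password_settings(SAMPLE_WEB_CONFIG)["findings"]:
        print("FINDING:", line)
```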
