Password History Limit > 9?

SOLVED
Victor Semaska_3
Esteemed Contributor

Password History Limit > 9?

Greetings,

We're running V5.1B w/ PK4 and have Enhanced Security enabled. Management wants the Password History Limit set to 15 but dxaccounts won't let me set it to anything greater than 9. Is there some way to change this?

Thanks,
Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
6 REPLIES
Ann Majeske
Honored Contributor
Solution

Re: Password History Limit > 9?

9 is the maximum. From "man prpasswd" entry for "u_pwdepth": This field is a number (0 to 9) representing the number of old encrypted passwords to keep to prevent reuse of previously used passwords.

Realistically, once you hit about 5 or so you don't gain much, security wise, by increasing the size of the password history list.

Ann
Victor Semaska_3
Esteemed Contributor

Re: Password History Limit > 9?

Ann,

Thanks for the reply. I guess management is just being paranoid. :)

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
Hein van den Heuvel
Honored Contributor

Re: Password History Limit > 9?


Actually, more than 12 is crucial IMHO.

That will stop the folks that are going from password1 to password2 through password9 to go back to password1. It'll force them to select a really different password every 9 times. And it will also stop the password folks.

I'll raise this as a serious lack in security for dxaccounts and get it worked on.

:-) :-) :-).

Hmmm, actually maybe we should because sadly enough there are too many users using "schemes" to satisfy changing password requirements.
Ann Majeske
Honored Contributor

Re: Password History Limit > 9?

Hein,

I did see the :-)'s, but seriously, you can't stop the people who will do password1, password2, by increasing the password history. Even if you increase it to 1000 those same people will just do password001, password002. If you want to prevent this, you can't allow the users to choose their own passwords. Enhanced Security does allow you to require users to use random character strings generated by the system. The problem with this is that the passwords are so hard to remember that everyone writes their password on a post-it and sticks it on their screen. You just can't win.

Ann
Victor Semaska_3
Esteemed Contributor

Re: Password History Limit > 9?

Actually, if you go to the dxaccounts on-line help for View... -> Local Templates -> default -> Security -> Help -> Password Options -> Triviality Checks, you would see:

Triviality Checks
The system checks that the password that has been selected or generated:

* Contains at least six characters
* Has at least two alphabetic characters
* Contains one numeric or special character
* Differs from the user's login name and any reverse or circular shift of the login name or group name
* Differs from the user's old password by at least three characters

This documentation is wrong because it doesn't work; I checked by trying it and then calling Support. If HP did implement this, it would help a lot.

The only option left is 'growing your own' by using the Site Triviality Checks and writing your own code.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
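
The five checks quoted from the help text above, written out as an added example; this is not HP's code and not the Site Triviality Checks interface, and it is not part of the original post. The function names, the case-insensitive name comparison, and the position-by-position reading of "differs by at least three characters" are assumptions.

```python
# Added example: the five documented triviality checks as one function.
# All names here are hypothetical; this is not the dxaccounts or Site
# Triviality Checks interface.

def rotations(s):
    """Every circular shift of s, including s itself."""
    return {s[i:] + s[:i] for i in range(len(s))}

def name_variants(name):
    """The name, its reverse, and its circular shifts (lower-cased)."""
    n = name.lower()
    return rotations(n) | {n[::-1]} if n else set()

def char_difference(old, new):
    """Assumed metric: positions that differ plus the length difference."""
    return sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))

def triviality_failures(new, login, group, old=None):
    """Return the names of the documented checks that `new` fails."""
    failures = []
    if len(new) < 6:
        failures.append("length")
    if sum(c.isalpha() for c in new) < 2:
        failures.append("alphabetic")
    if all(c.isalpha() for c in new):
        failures.append("numeric_or_special")
    if new.lower() in name_variants(login) | name_variants(group):
        failures.append("name_derived")
    # The old cleartext is only known while the user is changing the
    # password (assumption); stored history entries are encrypted.
    if old is not None and char_difference(old, new) < 3:
        failures.append("too_similar")
    return failures

if __name__ == "__main__":
    # Constructed samples, including the password1 -> password2 scheme.
    for old, new in [("password1", "password2"), ("password001", "password002"),
                     (None, "123vic"), ("password1", "blue7Harbor!")]:
        print(new, triviality_failures(new, "vic123", "users", old))
```

Under this reading the last check rejects both password1 to password2 and password001 to password002, which a longer history list does not.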
Alexey Borchev
Regular Advisor

Re: Password History Limit > 9?

Ann is absolutely right - random characters are hard to remember.
I am using system-generated pronounceable passwords - it's a little bit easier to pick up a rememberable password, so my users are OK with this.
Best ones:
fuffessa
sexrity
;-)
The fire follows schedule...