dchunt Absent Member.

Universal Password Policy implementation questions

We are trying to implement a Universal Password policy for users on our system running OES 2015 SP1, ZCM 2017 and AD. We set up Universal Password to use Challenge/Response questions and then to provide a password hint. Here are a couple of things that I hope there are workarounds for.

1. When the password change dialog comes up, there is minimal info on what the criteria are for a valid password. You can put in an administrator message, but the user has to know to click on the 'policy' button on the change password dialog to see it, which is not very intuitive. Even then the Administrator message is at the bottom of the policy dialog and not very prominent.

2. When changing a password, you are asked to put in the password hint on the password change dialog (which happens at the end of the login) and after that you are prompted to put in the password hint again in a separate dialog. Why are you prompted twice for the password hint?

3. You can put in nothing for the password hint. Wouldn't you want to force users to put in something? However, it looks like you will be prompted every time you log in for a password hint if you leave it blank.

4. You can change the Challenge/Response questions without changing the password. Can you change the password hint without changing the password? For instance, if you decided the password hint you entered was not clear enough and wanted to redo it but didn't want to change your actual password.

Thanks,

Dan
Knowledge Partner

Re: Universal Password Policy implementation questions

On 08/09/2017 09:34 AM, dchunt wrote:
>
> We are trying to implement a Universal Password policy for users on our
> system running OES 2015 SP1, ZCM 2017 and AD. We set up Universal
> Password to use Challenge/Response questions and then to provide a
> password hint. Here are a couple of things that I hope there are
> workarounds for.
>
> 1. When the password change dialog comes up, there is minimal info on
> what the criteria are for a valid password. You can put in an
> administrator message, but the user has to know to click on the
> 'policy' button on the change password dialog to see it, which is not
> very intuitive. Even then the Administrator message is at the bottom of
> the policy dialog and not very prominent.


This sounds like a client issue; you may want to post in the OES Client
forum on https://forums.novell.com/ or https://forums.microfocus.com/ but
ultimately your best bet may be to be sure you are on current code and
then submit an enhancement request, perhaps via the Ideas Portal at
https://ideas.microfocus.com/MFI/novell-ideas

> 2. When changing a password, you are asked to put in the password hint
> on the password change dialog (which happens at the end of the login)
> and after that you are prompted to put in the password hint again in a
> separate dialog. Why are you prompted twice for the password hint?


Weird, but another client issue.

With that in mind, you should disable the password hint. Password hints
are a security nightmare in the best cases; they were a nice idea long
ago, for limited definitions of "nice", but they are terrible when
thinking about security.

> 3. You can put in nothing for the password hint. Wouldn't you want to
> force users to put in something? However, it looks like you will be
> prompted every time you log in for a password hint if you leave it blank.


Still a client issue, but you should just disable Password Hint
functionality entirely, and then purge all values from your tree.

> 4. You can change the Challenge/Response questions without changing the
> password. Can you change the password hint without changing the
> password? For instance, if you decided the password hint you entered
> was not clear enough and wanted to redo it but didn't want to change
> your actual password.


Same as other responses.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.