The secure password feature in EPX allows the proper access privileges for EPX users. All properties for the secure password feature are disabled by default in the config.properties file. Check to see if the correct settings are applied by following these instructions:
Navigate to <EPX_Install Directory>\Enterworks\EPX31\bin.
Open the config.properties file for editing. Scroll down to the Settings for AR 25-2 Compliance section.
The first property is password.strength, which is set to 0 by default. This means that the user is not required to use a strong password. You can enable this property by setting password.strength to 1:
password.strength = 1
Note: A strong password uses the following property values:
password.minimum.length = 10
password.minimum.chartypes = 4
password.minimum.charfrequency = 2
The first value means that the password supplied must contain at least 10 characters. The second value indicates that the password must contain a combination of the four (4) following character types: uppercase letters, lowercase letters, numbers, and special characters. The last value indicates that the password must not contain repetitive or consecutive characters.
It is also recommended that the password not contain the user ID or common words taken from the application-wide configurable dictionary.
Users are restricted from changing their passwords using the password.allowUserToChange property. This property has two values:
0=No (Default)
1=Yes
The value of password.allowUserToChange is set to 1 by default. This means that users can change their passwords after a successful login.
Passwords can be set to expire using the password.allowToExpire property. The values for the expiration of the password are as follows:
0=No (Default)
1=Yes
The value of password.allowToExpire is set to 0 by default. This means that passwords for EPX users that are created after the installation of EPX 3.1 are not allowed to expire. Change this value to 1 if you want the password to expire:
password.allowToExpire = 1
Note: Disabling the password.allowToExpire property does not apply to imported users. All imported users will have their passwords reset to their user ID. This means that if your user ID is jsmith, your password is also jsmith.
The number of days before a password expires is set using the password.expiry property. This property is set to 0 by default, which means that the password will not expire at all. The recommended value is 90, which means it will take 90 days before a password expires.
Note: The password.allowToExpire property must be set to 1 before the password.expiry property can take effect. If password.allowToExpire = 1 and password.expiry = 0, the password will not expire.
Do not set either password.allowToExpire or password.expiry to a number less than zero.
The number of days before expiration at which users are notified is set using the password.expiryNotification property. This property is set to 0 by default, which means that users will not receive any notification about their password’s expiration. The recommended value is 10, which means users will be notified 10 days before their password expires.
Note: The password.expiry property must be set before the password.expiryNotification property can take effect. If password.expiry = 90 and password.expiryNotification = 10, users will be notified on the 80th day that their password is about to expire.
The repeated use of passwords for each user is limited using the password.recycleLimit property. This property is set to 0 by default. The recommended value is 10, which means that the first 10 passwords must not be used when changing passwords.
The maximum number of times a user is allowed to re-enter user credentials can be set using the account.lockout.maxLoginRetries property. The default value for this property is 3, which means that the user is given three tries to enter the correct user name and password before the account is locked out.
The maximum time period before the account will lock out is set using the account.lockout.timePeriod property. The default value for this property is 30 minutes.
Save the file.
Restart the service for the EPX Application Server.
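The expiry properties above only take effect in certain combinations, so the following added example (not part of the EPX product or its documentation) parses the property lines and reports the combinations the notes warn about, plus the day on which users would be notified. It assumes simple key = value lines and that an absent key takes the default of 0 stated above; the function names and the sample input are constructed for illustration.

```python
# Added example (not EPX code): audits the password properties described above.
KEYS = ("password.strength", "password.allowToExpire", "password.expiry",
        "password.expiryNotification", "password.recycleLimit")

def parse_properties(text):
    """Parse simple 'key = value' lines; skip blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (findings, notify_day); notify_day is None when nothing expires."""
    findings, v = [], {}
    for key in KEYS:
        try:
            v[key] = int(props.get(key, "0"))  # assumption: absent key = default 0
        except ValueError:
            findings.append(f"{key}: not an integer")
            v[key] = 0
    allow, expiry, notify = (v[k] for k in KEYS[1:4])
    if allow < 0 or expiry < 0:
        findings.append("allowToExpire/expiry must not be less than zero")
    expires = allow == 1 and expiry > 0
    if allow == 1 and expiry == 0:
        findings.append("allowToExpire = 1 but expiry = 0: passwords will not expire")
    if allow == 0 and expiry > 0:
        findings.append("expiry is set but allowToExpire = 0: expiry has no effect")
    if notify > 0 and not expires:
        findings.append("expiryNotification is set but passwords will not expire")
    if v["password.strength"] != 1:
        findings.append("password.strength is not 1: strong passwords not required")
    if v["password.recycleLimit"] == 0:
        findings.append("password.recycleLimit = 0 (default); the page recommends 10")
    notify_day = expiry - notify if expires and notify > 0 else None
    return findings, notify_day

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# Settings for AR 25-2 Compliance
password.strength = 1
password.allowToExpire = 1
password.expiry = 0
password.expiryNotification = 10
password.recycleLimit = 10
"""
if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))[0]))
```

For the sample input, the audit reports that expiry is enabled but set to 0 days, and that the notification setting therefore has no effect.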