Hello All,
A customer would like to exclude certain words from their user passwords.
For example, exclude Aaa, aAa, and aaA from the password.
Can this be done within Laserfiche?
Jacob, I don't believe there is an option for that specific type of configuration. That being said, it would be best practice to use Active Directory or SAML accounts in LFDS, so the password complexity requirements would be maintained in those systems. If it's possible, that might be a better fit. I also read in the LF 12 release notes that the "Password policy defaults updated for modern standards". I'm not sure what that means though because there are no additional notes on it.
The password defaults changes referenced in the release notes have to do with these settings for password policies in Laserfiche Directory Server.
Namely, "moderate" and "high" options have been updated to 2024 standards rather than the previous settings that dated from the Windows 2003 era and were a bit too low for modern day security. "Custom" was always available, but the built-in levels are now also realistic again.
Miruna, are the 2024 standards for moderate and high documented somewhere?
Moderate: Minimum 10 characters, at least 3 character sets.
High: Minimum 16 characters, at least 4 character sets.
We're updating the changelog notes to mention the specifics and the Directory Server UI also shows you the settings for each default when selected:
------------------------------------------------------------------------------------------------
I have my own opinions about the character set complexity requirements there (standards are trending towards longer passwords without character set reqs), but they're certainly better default levels than before.