Enforcing Password complexity for user logins - how to check?

SankarmnSankarmn Community Edition User ✭✭

How can we verify if an user is changing the password like,
1. are they putting in 12 to 20 characters
2..Not a dictionary word
3. using special characters
4. not to use the previous 6 passwords
5. not to use username
6. avoid multiple identical consecutive characters
Is there a password complexity function to verify against a user password?

Tagged:

Answers

  • moshegmosheg Vertica Employee Administrator

    To control password requirements for users use a PASSWORD PROFILE described here:
    https://www.vertica.com/docs/10.0.x/HTML/Content/Authoring/SQLReferenceManual/Statements/CREATEPROFILE.htm
    And a CREATE USER statement described here:
    https://www.vertica.com/docs/10.0.x/HTML/Content/Authoring/SQLReferenceManual/Statements/CREATEUSER.htm
    For example:

    CREATE PROFILE QA_PROFILE_01 LIMIT
    PASSWORD_REUSE_MAX 6
    PASSWORD_MIN_LENGTH 12
    PASSWORD_MAX_LENGTH 20
    PASSWORD_MIN_SYMBOLS 1
    PASSWORD_MIN_DIGITS 1
    PASSWORD_MIN_UPPERCASE_LETTERS 1
    PASSWORD_MIN_LOWERCASE_LETTERS 1;
    CREATE PROFILE
    
    CREATE USER FRED1 PROFILE QA_PROFILE_01 IDENTIFIED BY '12345678901234567890';
    vsql:1_create_user.sql:1: ROLLBACK 4923:  That password is not acceptable
    DETAIL:  The password must have at least 1 non-alphanumeric characters
    
    CREATE USER FRED1 PROFILE QA_PROFILE_01 IDENTIFIED BY 'T234567890';
    vsql:1_create_user.sql:2: ROLLBACK 4923:  That password is not acceptable
    DETAIL:  The password is too short
    HINT:  Minimum password length is 12 characters
    
    CREATE USER FRED1 PROFILE QA_PROFILE_01 IDENTIFIED BY 'TooGood2BeTrue';
    vsql:1_create_user.sql:3: ROLLBACK 4923:  That password is not acceptable
    DETAIL:  The password must have at least 1 non-alphanumeric characters
    
    CREATE USER FRED1 PROFILE QA_PROFILE_01 IDENTIFIED BY 'TooGood2BeTrue%';
    CREATE USER
    
  • SankarmnSankarmn Community Edition User ✭✭

    @mosheg , thanks for the links. Since the DBA sets them as I don't have clarity on what's set. In that case how do I cross check what profile options has been used?

    Also I am looking for the below options to set in profile. Are these functionality available?
    1. Not contain multiple identical consecutive characters
    2. Not contain user name as password
    3. Not be a common password like 'password1234'
    4. Not contain dictionary word
    5. Not have been used in the last year
    6. Differ from the last password by at least 12 characters

    TIA

  • SankarmnSankarmn Community Edition User ✭✭

    How to the view the set profile options through vsql?
    Can the above 6 options be set in profile?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file