Overview#Usually there are often pre-existing password and account Security Considerations that the IdM Architecture will is expected to be compliant.
Some often identified requirements are:
- Passwords required? - For All entries?
- Password Quality - Are there requirements as to numbers, special characters etc.
- Minimum Password Length - What is the minimum length of a password
- Password Unique required - Can passwords be re-used? If not how many passwords kept for comparison?
- Password Allow Change - Can all entries change their own password?
- Password Expiration Interval - How many days can the same password be used?
- Login Intruder Attempts - How many attempts can be performed until the account is locked?
- Login Intruder Reset Time - How long is the account to be locked?
- Login Grace Limit - If a password is expired, can the user login to change their password?