User passwords are considered one of the most vulnerable breach points when it comes to system security. Out of the box, LearnCenter comes with a default password complexity rule. LearnCenter provides you the option to strengthen the security of user passwords. You define rules that govern password complexity by specifying the required usage and combination of various facets:
In addition, you have three ways to define the acceptable order of those characters within a user's password:
Once the rules are created and stored in the LearnCenter, you specify which rule to enforce at a given time. When users are prompted to create new passwords, they must adhere to the rule currently in effect for the LearnCenter. A Help link displays on the page where users change their passwords that provides the current rule requirements in plain English.
Password rules do not apply to Administrator passwords at this time.
In creating strong passwords patterns, you must first decide if you want the password pattern to be flexible and occurrence based, or defined and sequence based.
Example: If the required facets are one uppercase letter, three lowercase letters, two numbers, and one symbol, both of the following passwords would be accepted:
• bA99bb#
• 9bAb#b9999
Example: If the required order of facets is one uppercase letter, three lowercase letters, two numbers, and one special character, this password would be accepted:
Abbb99#
But this password would be rejected:
9A9bbb#
In all types of password patterns you can also specify a minimum and maximum number of each required facet, such as requiring at least one symbol but no more than 3 symbols.
Example: The required password facets are two uppercase letters, two numbers, and at least one symbol but no more than 3 symbols.
Occurrence - For an occurrence-based password pattern, the following passwords would be accepted:
• A9A9#
• #A99A#
• A#9#A#9
But this password would be rejected because there are more than three symbols:
#A9A9###
Sequence - For a sequence-based password pattern, the following passwords would be accepted:
• AA99#
• AA99##
• AA99###
But this password would be rejected because there are more than three symbols:
AA99####
Copyright © 2010-2015, Oracle and/or its affiliates. All rights reserved.