Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Toolbox sap-security Reply from MAK-SA on Jul 19 at 9:43 AM Many thanks all of you for your valuable input. Actually we have all the controls in place, to mention a few
Complex password criteria, Password must be changed at first logon, Productive password must be changed after every 90 days, Password history is enforced to a suitable number. Initial password is sent to users in a confidential email. I was concerned about the validity of this initial password. Some recommend it should be 3 and some says it should be 5. I found this value is set as 30 in my Company. Before creating an Infrastructure Change Management ticket, I wanted to understand the benefit if we reduce it from 30 to 5 and if we keep it 30 what could be the risk. So it is clear now that longer validity period poses greater chances of misuse, lesser validity period is much safer but it might increase the administrative tasks. Because if employees do not utilize the password say in 5 days it will expire then again he had to create a ticket for password reset. Best Regards
| | | ---------------Original Message--------------- From: MAK-SA Sent: Monday, July 17, 2017 10:19 AM Subject: Login/Password Max Idle Initial Login/Password Max Idle Initial Hi, The recommended setting for this parameter is 3 or some times 5. May I ask what is the risk if it is set to 30 or greater value? | | Reply to this email to post your response. __.____._ | In the Spotlight Become a blogger at Toolbox.com and share your expertise with the community. Start today. _.____.__ |