User Password Requirements
- Mark Elkomos
Applies to all QEST Platform.
This article describes password requirements in QEST Platform.
Contents
- 1 Overview
- 1.1 Requirements
- 1.2 Configuration
Overview
These requirements are applied whenever a strong password is required. Spectra QEST strongly recommends requiring a strong password for all users, by setting the Strong Password Requirement option to true.
Requirements
Passwords must be at least 8 characters long.
There is no realistic maximum length
Passwords must not contain the user’s name or username.
Passwords must not contain words related to Spectra QEST products:
spectra
qest
qestlab
qestfield
Passwords that exist in a database of known passwords from data breaches are not allowed.
This requires that outbound connections to https://api.pwnedpasswords.com/ can be made. If these connections fail, this requirement will be ignored, but future logins will try to check the password against the password requirements again. To ensure that logins are reasonably fast, it is recommended that if Strong Password Requirements are in use that these connections are possible.
Configuration
The requirements can be enabled/disabled using the Strong Password Requirement option.
True: all users must choose a strong password (recommended)
False: System Administrators must choose a strong password, all other users may choose any password
Related content
Integrity | Curiosity | Empathy | Unity
The content of this page is confidential and for internal Spectra QEST use only. Do not share, duplicate or distribute without permission.