One of my customers is challenging the possibility to enforce strong passwords in E-Business Suite (Release 12). Using the generic User Define Form you can define when a password expires, but that is more or less all you can do from that screen. In order to enforce an advanced Password Policy, you should go to the Profile Options:
Sign on Password Failure Limit
The Sign on Password Failure Limit profile option defines the maximum number of login attempts before the user’s account is disabled.
Sign on Password Hard to Guess
Set this Profile Option to Yes to ensure that passwords will be "hard to guess."
A password is considered hard-to-guess if it meets these requirements:
• The password contains at least one letter and at least one number.
• The password does not contain the username.
• The password does not contain repeating characters.
Sign on Password Length
Sign on Password Length defines the minimum length of the password. The default is 5 characters.
Sign on Password No Reuse
This profile option specifies the number of days before any previously given password can be reused.
Sign on Password Case
Set this profile option to 'Sensitive' to make the password case sensitive (it defaults to 'Insensitive' in 11i; apparently, it defaults to 'Sensitive' in R12.1.1).
In this example, users will have to enter a case-sensitive password and are not allowed to enter more than 3 wrong passwords. The password must be hard to guess (see above) and at least 8 characters long, and it cannot be used again for at least a year after it has expired.
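To confirm which values are actually stored for these options, and at which level, the following added query (not part of the original post) lists the sign-on password profile options from the FND profile tables. It assumes the options' internal names start with SIGNON_PASSWORD_ and that you connect with read access to the FND tables (for example as APPS).

```sql
-- Added audit query, not from the original post.
-- Assumption: the five options above are stored under internal names
-- beginning with SIGNON_PASSWORD_ (the LIKE pattern escapes the underscores).
SELECT t.user_profile_option_name            AS profile_option,
       o.profile_option_name                 AS internal_name,
       -- Translate the numeric level id into the level shown in the Profile form.
       CASE v.level_id
         WHEN 10001 THEN 'Site'
         WHEN 10002 THEN 'Application'
         WHEN 10003 THEN 'Responsibility'
         WHEN 10004 THEN 'User'
         ELSE NVL(TO_CHAR(v.level_id), 'not set (default applies)')
       END                                   AS set_at_level,
       -- Only user-level rows carry a user id in level_value.
       CASE WHEN v.level_id = 10004 THEN u.user_name END AS for_user,
       v.profile_option_value                AS stored_value,
       v.last_update_date
FROM   fnd_profile_options o
JOIN   fnd_profile_options_tl t
       ON  t.profile_option_name = o.profile_option_name
       AND t.language            = USERENV('LANG')
-- LEFT JOIN so that options with no stored value still appear in the result.
LEFT JOIN fnd_profile_option_values v
       ON  v.profile_option_id = o.profile_option_id
       AND v.application_id    = o.application_id
LEFT JOIN fnd_user u
       ON  v.level_id = 10004
       AND u.user_id  = v.level_value
WHERE  o.profile_option_name LIKE 'SIGNON\_PASSWORD\_%' ESCAPE '\'
ORDER  BY o.profile_option_name, v.level_id;
```

The stored_value column holds the internal code for each setting, which can differ from the label shown in the Profile form. Any row whose set_at_level is not Site is worth reviewing, since it is a value stored for a narrower scope than the site-wide policy.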
In the Define User screen we can set the Password Expiration to either
• Days (see example),
• Accesses (the number of logins) or
• None.
Combining the profile options with the Password Expiration will give you a robust password policy for Oracle E-Business Suite.