Security
Passwords management
To be compliant with NIST 800-63B authentication requirements, HOPEX provides new features concerning MEGA Authentication.
A soon as you use MEGA Authentication, the change password window is as follow:
It is required to enter a strong password following the NIST 800-63B requirements. A colored gradient is used to indicate to the end user the strength level of the password:
- Red for low protection
- Orange for medium protection
- Green for high protection
HOPEX provides specific options to the administrator to manage those passwords.
Password strength defines the level of strength you required for the user passwords:
- High means the end user must enter a password with a high strength -> only green color is accepted in the gradient.
- Medium means the end user can enter a password with a medium or a high strength -> green and orange colors are accepted in the gradient.
- Low means the end user can enter a password with a low, medium or high strength -> green, orange and red colors are accepted in the gradient.
Number of last non-reusable passwords defines the number of passwords in the last passwords use that cannot be reused. By default, the end user cannot reuse the last 5 passwords he used.
Activate the password-checking Macro: in the previous releases, the password policy was so far defined by a dedicated macro. HOPEX still delivers this standard macro with specific rules that companies can override.
By default, and to be compliant with the existing rules, the related option is activated meaning that on top of the new password policy, the password macro is still called. The administrator can uncheck this option.
The behavior will change in V4 and the macro will be disactivated by default.
