Password Rules

Dovetail Agent has an ability to enforce password rules at the time of password change, at the following points:

• Settings -> Password
• Login -> Change Password
• Login -> Reset Password
• Employee -> Password tab
• Contact -> Contact tab -> Web User

Dovetail Agent ships with a set of basic rules which can be modified, and custom rules can be added.

Basic rules

The basic password rules can be controlled by modifications in one code module: code/password_validation.js. It contains a set of flags to turn specific rule on and off, a set of corresponding rule validation functions, and a set of messages to communicate specific rule violation to the user.

The basic password rules are:

• minimum length - must contain at least the specified number of characters, default: 2
• prohibit space or underscore - must not contain space and underscore characters
• require at least one upper case character
• require at least one lower case character
• require numbers - must contain at least one numeric character
• require letters - must contain at least one alpha character
• require mixed case
• prohibit forbidden non alpha character - must not contain specific characters
• require special characters - must contain at least one of the specific characters
• not equal to - must not be equal to the value of another specified field
• user name can't be password - new password cannot contain login id
• require first character is alpha character - first character must be an alpha character, this is required by Oracle RDBMS.

Dovetail Agent ships with all the rules enforcement flags set to false, except for 'prohibit space or underscore' which is set to true.

The basic password rules can be customized by modifiyng the test functions inside the password_validation.js module, e.g. by adding more characters to the test done by the RequireSpecialChars function.

The basic password rules can be activated and deactivated by changing the value of the corresponding rule enforcement flag variable, e.g. activate 'require mixed case' rule by use of PasswordRequireMixedCase = true;

Custom rules

Dovetail Agent administrator may add custom password rules by adding these to the password_validation.js module:

• rule enforcement flag
• rule validation function
• validator method with rule violation message

After these elements are in place, the Dovetail Agent administrator must edit setPasswordValidationOnForm function to include the custom rule(s) in the rules[newPasswordFieldName] object. Once this code is modified, the custom rules can be activated and deactivated by changing the value of the corresponding rule enforcement flag variable inside the password_validation.js module.

Note: the same password validation functionality has been introduced to Dovetail Admin version 3.2. It is recommended to upgrade Dovetail Admin to version 3.2 or higher. Once upgraded, it is strongly recommended to keep any and all password validation rules in synch between Dovetail Agent and Dovetail Admin. Contact Dovetail Support for more details.

Did this topic help you? Email us your feedback.
Last updated: 8/21/2014 3:15:57 PM
© by Dovetail Software, Inc.