Discussion - Password change - business rules!

Discussion created by CarstenLevin on May 9, 2012
Latest reply on May 11, 2012 by jormond


Busness rule: Users has to change password at least every 90 days.

Paswords has to be at least 8 characters.

Users may not use the same password again - ever or maybe within 180 or 360 days.



You can force a password change every 90 days. Fine.

You can force the passwrod to be at least 8 characters. Fine.

The procedure in FileMaker will not permit you to re-enter the old password. Nearly Fine



When changing you can not use the old password as the new one. Perfect!

But then you can go back and change password again, and now you can choose the previous one.



If the business rule also says that we must not store the users password in any form in a table, then we can not solve this.

If the business rule permits that the developer stores the passwords in a very protected form in a filemaker file, then we can test for repeated use and more tricky rules (like using of capital/non capital letters, special characters, numbers etc). This is easy to do with FileMaker ... but in many cases will be a breach of business rules.



Have you had to solve this?


Should FileMaker build in more complex rules for passwords and password change?