1. Security Guide
  2. Securing Oracle Banking Payments
  3. Oracle Banking Payments Controls
  4. Password Management
  5. Specifying Parameters for User Passwords

Specifying Parameters for User Passwords

Password Length (Characters)

The range of length (in terms of number of characters) of a user password can be set. The number of characters in a user password is not allowed to exceed the maximum length, or fall below the minimum length that has been specified.

The minimum length defaults to 8, and the maximum length to 15. The defaults values can be changed and specify the required range. The length can specify a minimum length between 6 and 15 characters, and a maximum length between 10 and 15 characters. The minimum length that specified must not exceed the maximum length that have specified.

Force Password Change After

The password of a user can be made valid for a fixed period after which a password change should be forced. After the specified number of days has elapsed for the user’s password, it is no longer valid and a password change is forced. The number of calendar days defined will be applicable for a password change of any nature - either through the ‘Change Password’ function initiated by the user or a forced change initiated by the system. The system defaults to a value of 30, which can be changed. The number of days can be between 15 and 180 days.

Password Repetitions

The number of previous passwords that cannot be set as the new current password can be configured, when a password change occurs. The system defaults to a value of three (i.e., when a user changes the user password, the user’s previous three passwords cannot be set as the new password). The default value can be changed and it can specify a number between one and five.

Minimum Days between Password Changes

The minimum number of calendar days that must elapse between two password changes can be configured. After a user has changed the user password, it cannot be changed again until the minimum numbers of days you specify here have elapsed.

Intimate Users (before password expiry)

The number of working days before password expiry can be configured, which is used to display a warning message to the user. When the user logs into the system (the stipulated number of days before the expiry date of the password), a warning message will continue to be displayed till the password expires or till the user changes it. By default, the value for this parameter is two (i.e., two days before password expiry).

Parent topic: Password Management