attempts, or clearing that count on a subsequent successful login, will
also have to be explicitly coded.
Directories can enforce enterprise password policies based on simple
configuration settings. Aspects of security policy such as password
length, password expiry (i.e., how frequently must passwords be
changed?), password history (e.g., users cannot reuse the last 15
passwords), invalid logins allowed (i.e., how many times can a user enter
incorrect credentials before the account gets locked?), etc., are very
easy to specify in a directory [35]. A general purpose database needs
special application logic to enforce these aspects of security policy.
[35] Some aspects of password policy (e.g., a password must contain at least one
uppercase letter, one lowercase letter and a digit) may still need to be specified at
the application level, especially since it is considered more user-friendly for an
application to provide a continuous indication of password acceptability as the user is
typing.
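
The "special application logic" a general purpose database needs, sketched as an added example (not code from the original text): failed-attempt counting, clearing the count on success, lockout, expiry and password history, all coded explicitly. The `Account` record, function names and all policy values except the 15-password history are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

# Policy values: HISTORY_DEPTH is from the text; the others are assumed.
MIN_LENGTH, HISTORY_DEPTH, MAX_FAILURES = 12, 15, 5
MAX_AGE_SECONDS = 90 * 24 * 3600
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for your hardware

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

@dataclass
class Account:  # hypothetical row in the application's user table
    salt: bytes
    pw_hash: bytes
    changed_at: float
    history: list = field(default_factory=list)  # older (salt, hash) pairs
    failures: int = 0
    locked: bool = False

def create_account(password, now):
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt), now)

def set_password(acct, new_password, now):
    """Enforce minimum length and password history, then rotate the hash."""
    if len(new_password) < MIN_LENGTH:
        return "too_short"
    known = [(acct.salt, acct.pw_hash)] + acct.history  # current + older
    if any(hmac.compare_digest(_hash(new_password, s), h) for s, h in known):
        return "reused"
    acct.history = known[:HISTORY_DEPTH - 1]  # next check sees 15 at most
    acct.salt = os.urandom(16)
    acct.pw_hash = _hash(new_password, acct.salt)
    acct.changed_at = now
    return "ok"

def login(acct, password, now):
    """Check credentials, maintaining the failure count and lockout flag."""
    if acct.locked:
        return "locked"
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failures += 1  # count the invalid attempt
        acct.locked = acct.failures >= MAX_FAILURES
        return "locked" if acct.locked else "denied"
    acct.failures = 0  # clear the count on a successful login
    if now - acct.changed_at > MAX_AGE_SECONDS:
        return "expired"
    return "ok"
```

In a real deployment each of these state changes would also have to be written back to the database atomically, which is further logic a directory's built-in policy handling spares the application.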