We have a small application running for a long time and now we have a plan to set a new password policy for the application login user.
Do you have suggestions or any guidelines for this or Is there any in-built utility available in OpenEdge to validate the password ?
What should be the strong password policy for the application user while creating or changing the password ?
best approach is to use several random words (of a language that suits the user) connected by some suitable character. example:
complex passwords composed of random letters, numbers, and special characters are impossible to remember and hard to type correctly. this drives users to write them down on sticky notes attached to their screens.
making users change passwords every week is cruel and unusual punishment. once a year is enough.
to build on Gus's thoughts, setting a minimum length of 12 is better than one of 8.
or maybe at least three words
or whatever number floats the boat.
Depending on you situation, but no password at all might also be a good solution. If your application runs on a windows environment, you could use the userid from the windows login to identify the user.