5 Replies Latest reply on Feb 1, 2016 8:53 AM by Anne Brock

Password Restrictions Qualifier question

Josh Hester Jan 29, 2016 4:00 PM

Share This:

Remedy ITSM version 8.1.02

Can the password restriction qualifier in User Password Management Configuration be used to control the password history usage and not let the user use the same password over and over (or is this something already built in internally)?

What can be added in the restriction qualifier to put parameters on password history usage (or is there another area in Remedy to control this)? For example, you can't use the same password from your previous 3 passwords.

'New Password' LIKE "%[0-9]%" AND 'New Password' LIKE "%[a-z]%" AND 'New Password' LIKE "%[A-Z]%"

1. Re: Password Restrictions Qualifier question

LJ LongWing Jan 29, 2016 5:10 PM (in response to Josh Hester)

Josh,
Someone more knowledgeable than me may respond, but to the best of my knowledge, no, Remedy doesn't allow you to setup password history rules.
Like Show 1 Likes(1)

Actions
2. Re: Password Restrictions Qualifier question

Josh Hester Jan 29, 2016 5:17 PM (in response to LJ LongWing)

Thanks. I just tested it and it appears to have an out of box rule for not letting you use your previous password. Looks like it only goes back 1 previous password though. This may be something that can be adjusted in DEV studio.
Like Show 0 Likes(0)

Actions
3. Re: Password Restrictions Qualifier question

LJ LongWing Jan 29, 2016 5:23 PM (in response to Josh Hester)

yea....ensuring that it's not the same as current is pretty easy, you just compare it to current....but doing a history is a bit more complex, you must store each one used somewhere for the history to work...I don't know where they would store it as I've never seen a storage place
Like Show 1 Likes(1)

Actions
4. Re: Password Restrictions Qualifier question

Carl Wilson Jan 30, 2016 4:27 AM (in response to Josh Hester)

Hi,
the OOB check uses the following command to check the previous password:

$PROCESS$ Application-Confirm-Password $New Password$

Application-Confirm-Password password
Validates if the password is the password for the current user. For password, you can use a reference to the field that contains the password, such as field 102 or field 103. This command returns one of the following integers:
1-The password was confirmed.
0-The password is not valid.
If you used AR System version prior to 6.0 to create workflow involving a Password field (ID 102), the workflow might not function in AR System versions 6.0 and later. Version 6.0 included enhanced encryption and tighter security controls. To work around this issue, use the Application-Confirm-Password $PROCESS$ command.

As LJ mentions, should not be too hard to set-up a history and run this command to validate.

Cheers
Carl
2 of 2 people found this helpful
Like Show 2 Likes(2)

Actions
5. Re: Password Restrictions Qualifier question

Anne Brock Feb 1, 2016 8:53 AM (in response to Josh Hester)

Here's the documentation on the OOB password policies you can set up:

https://docs.bmc.com/docs/display/public/ars91/Enforcing+a+password+policy+introduction
Like Show 1 Likes(1)

Actions