Strong Passwords

User passwords are considered one of the most vulnerable breach points when it comes to system security. Out of the box, LearnCenter comes with a default password complexity rule. LearnCenter provides you the option to strengthen the security of user passwords. You define rules that govern password complexity by specifying the required usage and combination of various facets:

• Uppercase letters
• Lowercase letters
• Numbers
• Symbols (non-alphanumeric characters)
• Mandatory inclusion of a specified string
• Mandatory exclusion of a specified string
• Mandatory exclusion of specified characters
• Password length

In addition, you have three ways to define the acceptable order of those characters within a user's password:

• Flexible occurrence of required facets
• Defined sequence of required facets
• A manually entered regular expression

Once the rules are created and stored in the LearnCenter, you specify which rule to enforce at a given time. When users are prompted to create new passwords, they must adhere to the rule currently in effect for the LearnCenter. A Help link displays on the page where users change their passwords that provides the current rule requirements in plain English.

Password rules do not apply to Administrator passwords at this time.

Choosing the Type of Password Pattern

In creating strong passwords patterns, you must first decide if you want the password pattern to be flexible and occurrence based, or defined and sequence based.

• Occurrence - This allows users to create any password as long as all the required facets are included somewhere in the password without concern about their order. The rule is treated as a minimum requirement.

Example: If the required facets are one uppercase letter, three lowercase letters, two numbers, and one symbol, both of the following passwords would be accepted:

• bA99bb#

• 9bAb#b9999

• Sequence - This requires users to create a password that specifically follows the specified order of facets.

Example: If the required order of facets is one uppercase letter, three lowercase letters, two numbers, and one special character, this password would be accepted:

Abbb99#

But this password would be rejected:

9A9bbb#

• Custom - This requires users to create a password that follows the custom pattern you define with a JavaScript™-compliant regular expression.

In all types of password patterns you can also specify a minimum and maximum number of each required facet, such as requiring at least one symbol but no more than 3 symbols.

Example: The required password facets are two uppercase letters, two numbers, and at least one symbol but no more than 3 symbols.

Occurrence - For an occurrence-based password pattern, the following passwords would be accepted:

• A9A9#

• #A99A#

• A#9#A#9

But this password would be rejected because there are more than three symbols:

#A9A9###


Sequence - For a sequence-based password pattern, the following passwords would be accepted:

• AA99#

• AA99##

• AA99###

But this password would be rejected because there are more than three symbols:

AA99####

See Also

Copyright © 2010-2015, Oracle and/or its affiliates. All rights reserved.