Recommendations for password policy management and SecureLogin

  • 7940392
  • 19-Aug-2009
  • 26-Apr-2012

Environment



Novell SecureLogin 3.51
Novell SecureLogin 6.0
Novell SecureLogin 6.1

Situation

Recommendations for password policy management and SecureLogin

Resolution

Strong password policies (e.g. 16 characters, 4 numbers) should be enforced on back-end systems wherever possible and then defined centrally in the directory using SecureLogin’s management tools. When application passwords expire, SecureLogin can be configured to generate random passwords so that users do not know their underlying passwords.

Novell SecureLogin (NSL) password policies can be associated with each application, a group of applications, or a particular user who runs an application. Typically a password policy is created for each application.

Because NSL remembers passwords, strong, random passwords should be enforced on corporate systems when existing passwords expire. This process can be seamless to the user (or a prompt can be displayed advising them that the password has been updated and will be remembered by SecureLogin).
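The following Python code is an added example, not Novell's code and not a description of how SecureLogin works internally. It shows per-application policies and a generator that produces random replacement passwords conforming to them. The `PasswordPolicy` class, its field names, the application names, and the reading of "16 characters, 4 numbers" as "at least 16 characters including at least 4 numerals" are assumptions made for illustration.

```python
from __future__ import annotations

import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical policy model; the field names are not SecureLogin settings."""
    min_length: int = 16  # assumed reading of "16 characters"
    min_digits: int = 4   # assumed reading of "4 numbers"
    alphabet: str = string.ascii_letters + string.digits

    def violations(self, password: str) -> list[str]:
        """Return every rule the password breaks; an empty list means compliant."""
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if sum(c in string.digits for c in password) < self.min_digits:
            problems.append(f"fewer than {self.min_digits} numerals")
        if any(c not in self.alphabet for c in password):
            problems.append("contains characters outside the allowed set")
        return problems


# Constructed sample data: one policy per application, as the article suggests.
POLICIES = {
    "erp": PasswordPolicy(),
    "legacy-terminal": PasswordPolicy(min_length=8, min_digits=1),
}


def generate(policy: PasswordPolicy, length: int | None = None) -> str:
    """Draw every character from a CSPRNG and reject non-compliant candidates.

    Rejection sampling keeps all compliant passwords equally likely, unlike
    schemes that force numerals into fixed positions.
    """
    length = policy.min_length if length is None else length
    if length < policy.min_length or policy.min_digits > length:
        raise ValueError("requested length cannot satisfy the policy")
    if policy.min_digits and not set(policy.alphabet) & set(string.digits):
        raise ValueError("policy requires numerals but the alphabet has none")
    while True:
        candidate = "".join(secrets.choice(policy.alphabet) for _ in range(length))
        if not policy.violations(candidate):
            return candidate
```

Calling `generate(POLICIES["erp"])` returns a fresh 16-character password each time; `violations()` can also be used to check a user-chosen password against the same policy.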

Strong passwords for applications considered to contain more personal information, such as email and HR systems, might be more suitably handled by the user so they feel as if they have control of their personal information. NSL supports the ability to allow this per application. NSL can be rolled out with user-defined passwords in the first phase of the project and switched to random passwords at a later stage. Organizations should also consider not using random passwords if the user needs to access a system without his or her own machine (i.e. a public library).

Applications that are unable to enforce password policies or expiry should use NSL to enforce strong password policies.