SystemManage Password Authentication Rules

An administrator can create password rules to enhance security in Loftware Enterprise SP. You can enter a regular expression to define the pattern and contents rules for passwords.

Important! Patterns for password patterns and contents are governed by the Java syntax for regular expressions.

Escape sequences are required for the following characters. Precede the character with a backslash.
< > ( ) [ ] { } | ^ - = + * $ ! ? . \

For more information about Java syntax for regular expressions, see "Scripting, Java, and XML" in External Links.

Note: To perform this task, you must be signed in as the ClientAdmin, SystemAdmin, or SuperAdmin user. For more information, see Controlling Access to System Settings

To configure rules for passwords in Loftware Enterprise SP, perform the following steps.

  1. In System System Management, click System Administration.
  2. In the Authentication Rules panel, to define the minimum and maximum number of characters allowed in a password, enter a regular expression for Password Pattern. For more information, see Password Pattern Examples. A four character minimum is used by default if you leave this field blank.

    Example

    The following sets an 8 character minimum and 50 character maximum:
    .{8,50}

  3. To define the characters required in a password, enter a regular expression for Password Contents. For more information, see Password Contents Examples.

    Example

    The following requires passwords to contain at least one uppercase character and at least one numeric character:
    (?=.*[A-Z])(?=.*[0-9])

  4. For Custom Password Error Message, enter the message to display to users if their new or changed password does not meet the criteria specified in Password Pattern and Password Contents. This message should inform the user what is required for a valid password.

    Example

    Password must be at least 8 characters and must contain at least 1 number.

  5. For Maximum Login Attempts, enter the number of times a user is allowed to enter an incorrect password before being locked out of Loftware Enterprise SP.

    Tip: If a user exceeds the number of sign in attempts, that user is locked out. To reactivate a user's access, select the user in Access Control Access Control, click Edit, select the Active check box, and then click Save. The SuperAdmin user is locked out after three failed sign in attempts. To reactivate SuperAdmin access, restart the Loftware Application Server.

  6. Click Save.

Password Pattern Examples

Example Definition

.{8,50}

8 character minimum and a 50 character maximum.

.{8,}

 8 or more characters.

.{8}

 Exactly 8 characters.

Password Contents Examples

You can use several strings in combination to create a stronger password requirement.

Example Definition

(?=.{8,50})

8 character minimum and a 50 character maximum.

(?=.*[a-z])

At least one lowercase character.

(?=.*[A-Z])

At least one uppercase character.

(?=.*[!@#$%&*\<\>\(\)\[\]\{\}\|\^\-\=\+\*\$\!\?\.\\])

At least one special character from the list:
!@#$%&*`~|^<>()[]{}|^-=+*$!?.\

(?=.*[0-9])

At least one numeric character.

(?=.*[a-z].*[a-z])

At least two lowercase characters.