Password Security Options

Recently one of our clients asked if we could provide additional levels of security for their user passwords. See below for the specifications they are requesting. I’m not sure any of it is possible in RT but would appreciate confirmation so I can give our client a definitive answer.

Minimum characters: 15
Enforce password history: 24 passwords remembered.
Maximum password age: 365 days.
Minimum password age: 0 days.
Passwords may not contain the user’s Account Name value or the Full Name value. Both checks are not case sensitive.
The password contains characters from three of the following categories:

  • Uppercase letters (A through Z)
  • Lowercase letters (a through z)
  • Base 10 digits (0 through 9)
  • Non-alphanumeric characters (special characters): (~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/)
  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Question: if a password is going to expire does RT alert the user?

Please communicate the passwords securely only to each individual’s email using https://pwpush.com/

You could do this in RT but it would require some custom code.

Another option is to use something like OAuth2 and Google to handle logins or LDAP and set up the password rules for that service.
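
The composition rules listed in the question (length, name containment, three of five character categories), as a stand-alone added example: it is not RT code and not from either poster, and the function names and sample values are hypothetical. Password history and age need stored state and are not covered.

```python
# Special characters exactly as listed in the requested policy.
SPECIALS = set("~!@#$%^&*_-+=`|(){}[]:;\"'<>,.?/")
MIN_LENGTH = 15
REQUIRED_CATEGORIES = 3


def categories_present(password):
    """Return the set of policy categories found in the password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif ch in "0123456789":
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
        elif ch.isalpha() and not ch.isupper() and not ch.islower():
            # Alphabetic but caseless, e.g. CJK ideographs.
            found.add("other_alpha")
        # Anything else (spaces, accented cased letters, emoji) counts
        # toward no category under the rules as written.
    return found


def check_password(password, account_name, full_name):
    """Return a list of violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    folded = password.casefold()
    for label, value in (("account name", account_name),
                         ("full name", full_name)):
        # Skip empty values: an empty string is a substring of everything
        # and would reject every password.
        if value and value.casefold() in folded:
            problems.append(f"contains {label}")
    if len(categories_present(password)) < REQUIRED_CATEGORIES:
        problems.append("fewer than 3 character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_password("xxJSMITHxx-1234567", "jsmith", "John Smith"))
```
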