Overview
Parameters:PASSWORDMINLENGTH
Category: Login
Default value: 8
Product: eTASK.Login
What does this parameter do?
This parameter specifies the minimum number of characters a password must have in the eTASK FM portal. It ensures that users cannot use passwords that are too short and therefore insecure. The rule is only checked when creating or changing passwords.
What is this parameter used for?
Password validation during user registration
Password changes by existing users
Password reset processes by administrators
Enforcement of security standards throughout the portal
Protection against weak passwords through technical requirements
Technical Details (for Administrators)
Format: Integer
Default value: 8 characters
Valid range: Recommended between 6 and 32 characters
Examples of valid values:
- 6 - Minimum security (only in exceptional cases)
- 8 - Standard (complies with common security guidelines)
- 10 - Enhanced security (good compromise)
- 12 - High security (for sensitive environments)
- 16 - Maximum security (may frustrate users)
Important: This parameter applies ONLY to passwords stored locally in the FM Portal. For Active Directory authentication, the AD password policies apply.
Interaction with other parameters:
- PASSWORDMAXLENGTH: Maximum password length (must be greater than the minimum length)
- PASSWORDPOLICY: Defines additional complexity requirements (special characters, numbers, uppercase/lowercase letters)
- PASSWORDHISTORYLENGTH: Prevents reuse of old passwords
- PASSWORDEXPIRATIONPERIODMONTH: Enforces regular password changes
Retroactive change: An increase does not affect existing passwords. Users must meet the new requirement only when they next change their password.
When should you change this value?
Increase the value (e.g., to 10, 12, or 16) if:
Your organization has stricter security policies or compliance requirements
You work with highly sensitive data (finance, health, personal data)
Compliance requirements (e.g., ISO 27001, GDPR, TISAX) mandate longer passwords
Frequent brute-force attacks or security incidents have occurred
Users primarily use password managers (automatically generated long passwords)
Keep the value (default 8) if:
The current security standard meets your requirements
User-friendliness is a priority and acceptance is important
There are no specific security requirements or compliance mandates
The combination with PASSWORDPOLICY (complexity) already provides sufficient protection
Decrease value (NOT recommended):
Reducing the length to fewer than 8 characters significantly weakens security and should only be considered in absolutely exceptional cases (e.g., legacy systems with technical limitations).
Important Notes
Existing passwords remain valid: If you increase the minimum length from 8 to 12, users with 8-character passwords can still log in. The new rule takes effect only at the next password change.
Inform users in advance: Communicate changes beforehand via mass emails or notices in the portal to avoid frustration during the next password change.
Consider interaction with PASSWORDPOLICY: You achieve the best security through a combination of minimum length and complexity requirements. Set PASSWORDPOLICY to "All" for optimal protection.
Consistency with PASSWORDMAXLENGTH: Ensure that PASSWORDMINLENGTH < PASSWORDMAXLENGTH. Otherwise, valid passwords cannot be created.
No impact on Active Directory: This parameter affects only local FM Portal accounts, not users who authenticate via domain login.
Password manager compatibility: Most password managers generate passwords that are 12–20 characters long by default. A minimum length of 8–12 characters is ideal here.
Security
Does changing this parameter affect security?
Yes, this parameter is directly security-critical.
Positive effects:
Higher values significantly increase security against brute-force and dictionary attacks
Longer passwords = larger search space for attackers (exponential growth in possible combinations)
Enforces careful password selection and reduces trivial passwords such as "12345678"
Applies ONLY to portal login, not to Active Directory authentication
Interacts with other security parameters such as PASSWORDPOLICY, LOCKOUTTHRESHOLD, and PASSWORDHISTORYLENGTH for multi-layered protection
Risks of incorrect configuration:
Values that are too low (<6 characters) allow for trivial passwords and drastically increase the risk of successful attacks
Values that are too high (>16 characters) can lead to insecure practices: users write down passwords, use patterns, or choose passphrases that are easy to guess
Recommended best practices:
Minimum length of 8 characters (current standard)
Combine with PASSWORDPOLICY="All" for complexity requirements
Regular changes via PASSWORDEXPIRATIONPERIODMONTH (e.g., every 6 months)
Password history via PASSWORDHISTORYLENGTH (e.g., the last 5 passwords)
Account lockout via LOCKOUTTHRESHOLD in case of attack attempts
Conclusion: Changes to this parameter have direct and measurable effects on system security. A minimum length of 8 characters is mandatory. For enhanced security requirements, we recommend 10–12 characters.
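The rules stated on this page (recommended range 6 to 32, PASSWORDMINLENGTH < PASSWORDMAXLENGTH, PASSWORDPOLICY set to "All") can be checked before a change is rolled out. The following Python sketch is an added example, not eTASK code: it assumes the parameters have been exported into a name-to-value dictionary, and the function name audit_password_params is hypothetical.

```python
# Added example: lint the password-length parameters against this page's rules.
# The dict layout is an assumption; reading values out of the portal is not shown.

def audit_password_params(params):
    """Return a list of (severity, message) findings for a parameter dict."""
    findings = []

    def as_int(name, default=None):
        raw = params.get(name, default)
        if raw is None:
            return None
        try:
            return int(raw)
        except (TypeError, ValueError):
            findings.append(("error", f"{name} is not an integer: {raw!r}"))
            return None

    min_len = as_int("PASSWORDMINLENGTH", 8)  # documented default is 8
    max_len = as_int("PASSWORDMAXLENGTH")     # treated as optional in this sketch

    if min_len is not None:
        if min_len < 6:
            findings.append(("error", f"minimum length {min_len} is below 6"))
        elif min_len < 8:
            findings.append(("warning", f"minimum length {min_len} is below the default of 8"))
        elif min_len > 32:
            findings.append(("warning", f"minimum length {min_len} is outside the recommended range 6-32"))
        elif min_len > 16:
            findings.append(("warning", f"minimum length {min_len} is above 16; plan for password managers"))
        # If min >= max, no password can satisfy both limits.
        if max_len is not None and min_len >= max_len:
            findings.append(("error", f"PASSWORDMINLENGTH ({min_len}) must be less than "
                                      f"PASSWORDMAXLENGTH ({max_len})"))

    if params.get("PASSWORDPOLICY") != "All":
        findings.append(("info", 'PASSWORDPOLICY is not "All" (the setting this page recommends)'))
    return findings


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real installation.
    samples = [
        {"PASSWORDMINLENGTH": "12", "PASSWORDMAXLENGTH": "64", "PASSWORDPOLICY": "All"},
        {"PASSWORDMINLENGTH": "12", "PASSWORDMAXLENGTH": "12", "PASSWORDPOLICY": "All"},
        {"PASSWORDMINLENGTH": "5"},
    ]
    for cfg in samples:
        print(cfg, "->", audit_password_params(cfg) or "OK")
```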
Practical example
Initial situation: Several user accounts in your organization have been compromised due to weak passwords. An internal security audit revealed that many employees use 8-character passwords such as "Portal2024". The security department is demanding stricter requirements.
Configuration:
You increase PASSWORDMINLENGTH from 8 to 12 and additionally set PASSWORDPOLICY to "All" (uppercase and lowercase letters, numbers, and special characters required).
After the change:
User Anna Müller (existing account):
- Logs in successfully on Monday with her 8-character password "Portal24"
- Receives a system notification on Friday: "Effective immediately, new passwords must be at least 12 characters long"
- Changes her password to "Portal#2024!Secure" (19 characters)
- The password change is accepted
New user Max Schmidt:
- Attempts to enter the password "Password1" (10 characters) during initial registration
- System displays error message: "The password must be at least 12 characters long and contain special characters"
- Chooses "MySecure#Password2024" (25 characters) instead
- Registration is successfully completed
Administrator verifies:
- Existing 8-character passwords still work (no immediate lockout)
- New passwords must be 12+ characters long
- Combination with PASSWORDPOLICY enforces complexity
- No performance issues due to the change
Result: Security increases significantly without immediately locking out existing users. New passwords are much harder to guess or crack. User acceptance remains high because the change was announced and implemented gradually.
Recommended setting
Default installations: Keep the value at 8 characters. This complies with current security standards and offers a good balance between security and user-friendliness.
Enhanced security requirements: Set the value to 10-12 characters in combination with PASSWORDPOLICY="All". This is particularly recommended for:
- Financial institutions
- Healthcare facilities
- Government agencies and public administrations
- Companies handling sensitive data
High-security environments: For maximum security, you can set the value to 16 characters, but you should provide password managers for your users.
Never less than 6 characters: Values of fewer than 6 characters are not acceptable for security reasons and should be avoided.