-
Type:
Enhancement
-
Status: Closed
-
Priority:
Medium
-
Resolution: Done
-
Component/s: BenAdmin
-
Labels:None
-
Module:BenAdmin - Security
-
Reported by:Support
-
Item State:Production Complete - Closed
-
Sprint:ST Sprint 1
System should set strong password policy for newly added clients by default.
Strong password should consider below points-
1. Password must contain at least one letter
2. Password must contain at least one numeric digit
3. Password must contain at least one special character
4. Password must contain at least one UPPERCASE character
5. Password must contain at least one lowercase character
6. Password must be MINIMUM of 10 characters
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Vijayendra Shinde [ ID10506 ] |
| Status | New Request [ 10029 ] | Pending for Approval [ 10002 ] |
| Status | Pending for Approval [ 10002 ] | Approved for Development [ 10003 ] |
| Status | Approved for Development [ 10003 ] | In Development [ 10007 ] |
| Description |
System should set strong password policy for newly added clients. Strong password should consider below points- 1. Password must contain at least one letter 2. Password must contain at least one numeric digit 3. Password must contain at least one special character 4. Password must contain at least one UPPERCASE character 5. Password must contain at least one lowercase character 6. Password must be MINIMUM of 8 characters |
System should set strong password policy for newly added clients by default. Strong password should consider below points- 1. Password must contain at least one letter 2. Password must contain at least one numeric digit 3. Password must contain at least one special character 4. Password must contain at least one UPPERCASE character 5. Password must contain at least one lowercase character 6. Password must be MINIMUM of 8 characters |
| Status | In Development [ 10007 ] | Mockup Approval [ 10010 ] |
| Issue Type | Enhancement [ 4 ] | Change Request [ 10002 ] |
| Status | Mockup Approval [ 10010 ] | Mockup Approved [ 10012 ] |
| Status | Mockup Approved [ 10012 ] | In Development [ 10007 ] |
| Issue Type | Change Request [ 10002 ] | Enhancement [ 4 ] |
| Item State | Parent values: Development(10200)Level 1 values: In Progress(10206) |
| Attachment | Script.sql [ 14223 ] |
| Sprint | ST Sprint 1 [ 1 ] |
| Rank | Ranked higher |
| Description |
System should set strong password policy for newly added clients by default. Strong password should consider below points- 1. Password must contain at least one letter 2. Password must contain at least one numeric digit 3. Password must contain at least one special character 4. Password must contain at least one UPPERCASE character 5. Password must contain at least one lowercase character 6. Password must be MINIMUM of 8 characters |
System should set strong password policy for newly added clients by default. Strong password should consider below points- 1. Password must contain at least one letter 2. Password must contain at least one numeric digit 3. Password must contain at least one special character 4. Password must contain at least one UPPERCASE character 5. Password must contain at least one lowercase character 6. Password must be MINIMUM of 10 characters |
For employee login, I added new company on Stage by updating master company db. Added new employee with below settings -
Username Password
Lastname 4 1
Firstname 1 2
SSN 3 3
DateofBirth 2 2
EmployeeID 0 2
All scenarios are working fine.
| Attachment | Script.sql [ 14223 ] |
| Attachment | Script.sql [ 14279 ] |
| Item State | Parent values: Development(10200)Level 1 values: In Progress(10206) | Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) |
| Item State | Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) | Parent values: Local QA(10201) |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
| Assignee | Vijayendra Shinde [ ID10506 ] | Shubhankar Joshi [ shubhankar ] |
| Assignee | Shubhankar Joshi [ shubhankar ] | Zeeshan Chishty [ zeeshan.chishty ] |
Step 1: Do not set default password. If set it should be random always and not predictable.
Step 2: Send a onetime valid link to the users mail id .Set a 1 or 2 day expiration time for using that link.
Step 3: When user clicks the link navigate user to change password page/set password page
Step 4: Use a strong password policy like minimum 8 characters, alpha numeric at least 1 special and 1 upper
case character .no sequential characters allowed(11,aa,555)
Step 5:Invalidate the sent link immediately from server.
Zeeshan Chishty (Inactive)
added a comment - Step 1: Do not set default password. If set it should be random always and not predictable.
Step 2: Send a onetime valid link to the users mail id .Set a 1 or 2 day expiration time for using that link.
Step 3: When user clicks the link navigate user to change password page/set password page
Step 4: Use a strong password policy like minimum 8 characters, alpha numeric at least 1 special and 1 upper
case character .no sequential characters allowed(11,aa,555)
Step 5:Invalidate the sent link immediately from server. Zeeshan Chishty (Inactive)
made changes -
| Status | Local Testing [ 10200 ] | Reopen in Local [ 10018 ] |
ST 168 is enhancement suggestion to ST-88.
Zeeshan Chishty (Inactive)
made changes -
| Assignee | Zeeshan Chishty [ zeeshan.chishty ] | Niteen Surwase [ niteen.surwase ] |
| Assignee | Niteen Surwase [ niteen.surwase ] | Vijayendra Shinde [ ID10506 ] |
Vijayendra Shinde Is this re-open?
Hi Rakesh,
Zeeshan has some suggestion over existing password generation. He has added new JIRA ST-168 for this suggestion.
Changes which we did for this ticket are working fine.
We can move this to Stage.
Thanks.
| Item State | Parent values: LB QA(10201) | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) |
| Status | Reopen in Local [ 10018 ] | In Development [ 10007 ] |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
| Developer | Vijayendra Shinde [ ID10506 ] |
| Attachment | MasterCompanyDB_17_ST88_WTB_Security_Update_PasswordCredentials.sql [ 21849 ] | |
| Attachment | OnlineEnrollment_17_ST88_WTB_Security_Update_PasswordCredentials - Copy.sql [ 21850 ] |
Gokul Sonawane (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) |
| Assignee | Vijayendra Shinde [ ID10506 ] | Deepali Tidke [ deepalit ] |
Gokul Sonawane (Inactive)
made changes -
| Item State | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) |
Once WT-3585 is fixed , can proceed with this patch
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) | Parent values: LB QA(10201)Level 1 values: In Testing(10210) |
Gokul Sonawane (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: In Testing(10210) | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) |
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) | Parent values: LB QA(10201)Level 1 values: On Hold(10211) |
verified on lb , all the passwords combinations on security pages are working fine.
| Item State | Parent values: LB QA(10201)Level 1 values: On Hold(10211) | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) |
| Item State | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) |
| Status | Local Testing [ 10200 ] | Pending for Stage Approval [ 10300 ] |
| Status | Pending for Stage Approval [ 10300 ] | Approved for Stage [ 10030 ] |
| Status | Approved for Stage [ 10030 ] | Stage Testing [ 10201 ] |
verified on stage , all the passwords combinations on security pages are working fine.
| Item State | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) | Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) |
| Item State | Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) |
| Assignee | Deepali Tidke [ deepalit ] | Rashmita Dudhe [ rashmita.dudhe ] |
| Status | Stage Testing [ 10201 ] | Pending for Production Approval [ 10301 ] |
| Status | Pending for Production Approval [ 10301 ] | Approved for production [ 10034 ] |
| Status | Approved for production [ 10034 ] | Production Testing [ 10202 ] |
| Item State | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) | Parent values: Production QA(10203)Level 1 values: In Testing(10218) |
We can not add new Company on Production.
for existing company all the passwords combinations on security pages are working fine.
| Item State | Parent values: Production QA(10203)Level 1 values: In Testing(10218) | Parent values: Production Complete(10222)Level 1 values: Closed(10223) |
| Resolution | Fixed [ 1 ] | |
| Status | Production Testing [ 10202 ] | Production Complete [ 10028 ] |
| Status | Production Complete [ 10028 ] | Closed [ 6 ] |
| Transition | Time In Source Status | Execution Times |
|---|
|
36s | 1 |
|
4s | 1 |
|
2s | 1 |
|
20h 5m | 1 |
|
3m 1s | 1 |
|
4s | 1 |
Zeeshan Chishty (Inactive)
made transition
-
|
30d 23h 7m | 1 |
|
80d 1h 44m | 1 |
|
6d 7h 18m | 2 |
|
41d 22h 9m | 1 |
|
2s | 1 |
|
6s | 1 |
|
16d 18h 17m | 1 |
|
3s | 1 |
|
7s | 1 |
|
5h 44m | 1 |
|
196d 17h 34m | 1 |
Script has been added into JIRA.
Verified Add scenarios of Partner, Broker and Company Admin. In edit mode we cannot not edit user's own password due to security reason. So not able to verify edit mode.
For employee role, tried to add new employee on LB with Strong password and Username settings but not able to add employee on LB.