Do not allow the same password for 6 generations while changing the password.
For each generation at least 4 characters must be changed - Only if feasible in our system.
This is for Partner, Broker and CA.
- relates to WT-11004 HiTrust Recommended Change - Restriction on Same password repeat
Dev Due Date | 29/Sep/2017 | |
Item State | Parent values: Development(10200)Level 1 values: In Analysis(10204) |
Assignee | Jaideep Vinchurkar [ jaideep.vinchurkar ] | Akash Thakur [ akash.thakur ] |
Labels | Hi-Trust |
- Time Spent: 4h
Analysis, Feasibility and integration into system compatibility study.
Status | New [ 10508 ] | In Analysis [ 10008 ] |
Remaining Estimate | 24h [ 86400 ] | 20h [ 72000 ] |
Time Spent | 4h [ 14400 ] | |
Worklog Id | 83661 [ 83661 ] |
Resolution | Done [ 10000 ] | |
Status | In Analysis [ 10008 ] | Closed [ 6 ] |
Resolution | Done [ 10000 ] | Unresolved [ 10200 ] |
Status | Closed [ 6 ] | In Analysis [ 10008 ] |
Assignee | Akash Thakur [ akash.thakur ] | Santosh Balid [ santosh.balid ] |
Remaining Estimate | 20h [ 72000 ] | 18h [ 64800 ] |
Time Spent | 4h [ 14400 ] | 6h [ 21600 ] |
Worklog Id | 88607 [ 88607 ] |
Remaining Estimate | 18h [ 64800 ] | 14h [ 50400 ] |
Time Spent | 6h [ 21600 ] | 10h [ 36000 ] |
Worklog Id | 88770 [ 88770 ] |
Remaining Estimate | 14h [ 50400 ] | 9h [ 32400 ] |
Time Spent | 10h [ 36000 ] | 15h [ 54000 ] |
Worklog Id | 89293 [ 89293 ] |
Attachment | WT-11188_ETA's.xlsx [ 66934 ] |
Attachment | WT-11188_Restriction on Same password repeat.docx [ 66935 ] |
Assignee | Santosh Balid [ santosh.balid ] | Jaideep Vinchurkar [ jaideep.vinchurkar ] |
Resolution | Unresolved [ 10200 ] | Done [ 10000 ] |
Status | In Analysis [ 10008 ] | Closed [ 6 ] |
Remaining Estimate | 9h [ 32400 ] | 8.5h [ 30600 ] |
Time Spent | 15h [ 54000 ] | 15.5h [ 55800 ] |
Worklog Id | 95089 [ 95089 ] |
Link | This issue relates to WT-13350 [ WT-13350 ] |
Transition | Time In Source Status | Execution Times |
---|---|---|
| 16d 4h | 1 |
| 18d 20h 29m | 1 |
| 43d 1h 19m | 2 |
Hi Jaideep Vinchurkar,
Yes, we can achieve this by maintaining a history of the user's last 6 passwords (this needs an enhancement).
For each generation at least 4 characters must be changed - This is something more challenging, as we store hashed passwords, where decryption is not possible.
But to have the current password differ by at least 4 characters from any of the 6 historical passwords, we may need to store the user's password in plain text somewhere else, considering every possible security approach, in such a way that this should be out of context for hackers... we need to think more on it... or we can even store the password separately using our encryption/decryption utility, which is also a secure way to store it. We just need this for comparison, so that the password has at least 4 characters different from the historical password/previous password/last updated password.
Need to think about the above plain text password storage option in detail; will do more analysis on it tomorrow.
Regards,
Santosh
Cc: Satya, Samir
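
An added example, not part of the ticket or the project's code: one way to enforce both rules while keeping only salted hashes. It assumes the change-password form collects the current password, so the 4-character check runs against that one plaintext value while older generations are checked for exact reuse by hash; the function names, PBKDF2 parameters and the edit-distance reading of "characters changed" are assumptions.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 6      # generations, from the requirement
MIN_CHANGED = 4        # characters, from the requirement
ITERATIONS = 100_000   # assumed PBKDF2 work factor

def hash_password(password, salt=None):
    """Return (salt, digest); every history entry keeps its own salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def matches(password, entry):
    """Re-hash the candidate with the entry's salt, compare in constant time."""
    salt, digest = entry
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def edit_distance(a, b):
    """Levenshtein distance: one reading of 'characters changed' (assumption)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def change_password(history, current, new):
    """history: list of (salt, digest), newest last; returns (ok, reason, history)."""
    if not history or not matches(current, history[-1]):
        return False, "current password incorrect", history
    if any(matches(new, e) for e in history[-HISTORY_DEPTH:]):
        return False, "password reused within last 6 generations", history
    # Only the current password is available in plaintext, and only in memory.
    if edit_distance(current, new) < MIN_CHANGED:
        return False, "fewer than 4 characters changed", history
    return True, "ok", (history + [hash_password(new)])[-HISTORY_DEPTH:]
```

The similarity check here covers the previous generation only; comparing against all 6 by character difference is the part that would need recoverable copies of old passwords.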