Tessitura Security

Thanks!

Sheila

One of the oddities with the password requirements is that it doesn't have a maximum value but it appears that it only reads 8 and ignores anything beyond that but, lets you thing you typed it in.

So, in our case with a PCI compliant complex 8 minimum, the minimum length becomes the maximum length.  Passwords fail if you don't  meet the complexity requirements within the first 8 characters as it ignores anything beyond that.  We had to change our user documentation to say the password can only be 8 characters as we had people (like me) create long complex passwords but they didn't qualify to tess as complex within the first 8 characters.  

We also had to change our user documentation to reflect tess complex vs everyone else complex.   Tess counts upper and lower case letters as just one thing -  letters -  where all our other systems treat these as two different classes (upper case and lower case) that can be used to meet  complexity requirements.

I see in the Security Documentation that, well straight from the doc:

"Tessitura employs standard password rules which are customizable per installation.  These include minimum password length, number of days until password expiration, enforced complexity and the number of days when warning message about soon to expire passwords will be displayed. "

But I've never touched it and I'm not sure where to change this info or even see current settings... where do we change this at? Any help appreciated - thanks.

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

Thanks!

Sheila

One of the oddities with the password requirements is that it doesn't have a maximum value but it appears that it only reads 8 and ignores anything beyond that but, lets you thing you typed it in.

So, in our case with a PCI compliant complex 8 minimum, the minimum length becomes the maximum length.  Passwords fail if you don't  meet the complexity requirements within the first 8 characters as it ignores anything beyond that.  We had to change our user documentation to say the password can only be 8 characters as we had people (like me) create long complex passwords but they didn't qualify to tess as complex within the first 8 characters.  

We also had to change our user documentation to reflect tess complex vs everyone else complex.   Tess counts upper and lower case letters as just one thing -  letters -  where all our other systems treat these as two different classes (upper case and lower case) that can be used to meet  complexity requirements.

I see in the Security Documentation that, well straight from the doc:

"Tessitura employs standard password rules which are customizable per installation.  These include minimum password length, number of days until password expiration, enforced complexity and the number of days when warning message about soon to expire passwords will be displayed. "

But I've never touched it and I'm not sure where to change this info or even see current settings... where do we change this at? Any help appreciated - thanks.

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!