Hi all,
Is it possible in TNEW v7 to make the minimum password length 8 characters instead of 6? I don't see a setting for this, and it's a requirement by our PCI auditors that we have this.
I realize we can do this with JavaScript, but that would make it easily defeatable just by turning off JavaScript.
Thanks!
Kevin.
That's a great question: I guess there are no customer login password rules enforced by the Tessitura application itself, and TNEW's rules are not available for configuration. If your PCI auditor is giving you grief you'll have to pass them on to the Web Products team.
While I agree that being able to manage those settings based on the organization's needs seems like a fabulous idea, to me, this sounds like a bit of an overzealous auditor. I am plenty aware of the password requirements for employees, but this is the first I am hearing of a PCI requirement for customers using the website. Unless I have just missed that part of our own PCI compliance (not impossible).
John
It may be that the auditor is missing the distinction. Back when we did more than just pass our Tessitura documents to them I know that the password requirements for end users were minimal. I do know that TNEW 7 upped the requirements for complexity.
The auditor is not missing the distinction. The Smithsonian has their own password requirements which tend to be a little stricter than normal (eight characters), but not as strict as Federal Government, which seems to require a minimum of 12 to 20 characters on most new web apps, depending on the department.
Our Tessitura integrated website right now uses eight characters as a minimum length, so we're trying to continue to adhere to that.
Well. Then that means that it sounds like you have some fun on your hands.
Best of luck?