As per customer compliance guidelines, we got some requests and our product does not comply with the requested points.
The minimum length of the password needs to be 8 characters.
Minimum password standards such as complexity should be shown if possible. e.g. possible characters, letters, digits, uppercase, lowercase needs to be implemented.
Please note that these points are part of the SOX-control compliance requirement that cutsomer needs to follow.
Below are the screenshot from Arena 6.2.4 and this security for password for the BEDROCK_INTERNAL users is not available.
It shows that the password can be of 5 char long.
As per the requirement from client this needs to be minimum 8 char long.
Once I select the auto-generated "complex" password, it is automatically stored in browser. This is not expected by the client and needs to be looked into.
There is not complexity check for the password. I can simply put "12345" and it will accept. The complexity of characters, letters, digits, uppercase, lowercase needs to be implemented as per the request of client.
|Customer Impact||Major inconvenience|