Password complexity


Anton Doank
 

hi guys,
i want to make batch task to check complexity of the password. i want this batch task can check that the password must have min 8 char of length and min 1 uppercase, 1 number and 1 symbol. how to achieve this goal? 


Todd Baremore
 

Anton,
My syntax is probably off, but you'll get the idea.....

Virtual A Password                Alpha 20
Virtual B PswdChar               Alpha 1
Virtual C HasLowerCase       Logical
Virtual D HasUpperCase      Logical
Virtual E HasNumber           Logical
Virtual F HasSymbol             Logical

Block While Loopcounter() <= len(trim(A))
Update B = Mid(trim(A),LoopCounter(),1)
Update C = 'True'L   Cnd:  Instr('abcdefghijklmnopqrstuvwxyz',B)
Update D = 'True'L   Cnd:  Instr('ABCDEFGHIJKLMNOPQRSTUVWXYZ',B)
Update E = 'True'L   Cnd:  Instr('0123456789',B)
Update F = 'True'L   Cnd:  Instr('~!@#$%^&*()_-+=<>{}/[]\',B)
End Block

Verify Warning   'Good Password'   Cnd: C and D and E and F and len(trim(A))>7
Verify  Warning   'Bad Password'     Cnd: Not(C and D and E and F and len(trim(A))>7)

Todd

On 5/9/2022 8:05 AM, Anton Doank wrote:
hi guys,
i want to make batch task to check complexity of the password. i want this batch task can check that the password must have min 8 char of length and min 1 uppercase, 1 number and 1 symbol. how to achieve this goal? 


Anton Doank
 

hi todd..thank you your logic is very clear..thank you very much


Keith Canniff
 

Anton,

 

If this is for a company, maybe you should think about using their LDAP or Active Directory for your users and passwords. IT hates having to manage two sets of users and passwords. When you tell them that your application can use LDAP or Active Directory for user/password management they will be very happy with you. Now you don’t have to worry about password complexity. The company has determined this.

 

Then again, if this is for a standalone application, Todd’s method will work fine.

 

Keith

 

From: main@magicu-l.groups.io <main@magicu-l.groups.io> On Behalf Of Anton Doank
Sent: Monday, May 9, 2022 8:06 AM
To: main@magicu-l.groups.io
Subject: [magicu-l] Password complexity

 

hi guys,
i want to make batch task to check complexity of the password. i want this batch task can check that the password must have min 8 char of length and min 1 uppercase, 1 number and 1 symbol. how to achieve this goal? 


Anton Doank
 

hi keith,
yes this is for my company inhouse program. this program already run about 15 year so far. i create simple customize login form that not connected to active directory. before password parameter is only 8 char of length. now i want to enhance the password parameter like todd logic. my user can have multiple username for program but they only have 1 username in active directory. thats why i cannot using that way. or maybe there is something that i missed to use that feature? and i also dont want to make major changes for the credential. single password is good for user so they no need to remember multiple password for each application


Keith Canniff
 

Anton,

 

The user actually doesn’t have to log into the program at all. When the program starts and it’s set to use AD, Magic itself goes out and authenticates against AD. So they don’t have to remember another password at all.

 

So it works like this.

 

Active Directory (IT)

IT sets up security groups in AD (that match the names of the groups you have in your Magic program)

IT assigns users to those groups (the same as you would have in Magic)

 

Your Magic Application

You remove the users (or you can leave them there and not use them

In the Magic.ini you switch the login mode.

 

That’s basically it. Magic looks up the user in AD and downloads all the groups associated with them.

Magic then uses those groups to get all the rights in your application and your application works the same as it did before. No programming changes necessary!

 

Pros

  1. User doesn’t have to learn another (now complex) password
  2. When users are added or deleted from the network, your application doesn’t have to be updated
  3. If the company wants to change the password strength, or force a change to the password at timed intervals (like every 30 or 90 days) you don’t have to do anything in your application

Cons

  1. Since the user doesn’t log into the application, they have to be that network user in the application
    1. This can be overridden. For example I have an admin account that uses a separate shortcut that uses an override file to tell Magic to use the traditional login and then I have to login with a userid/password. Since I only use this account rarely, it’s not a big deal
  2. You cannot use individual rights on users. All rights must be assigned to groups
    1. If you have rights that temporary (switch between users, vacation, etc.) then you can setup individual groups for these rights and then IT can assign those groups to users and have them expire at some point.

 

Hopefully that provides more information for you to make a decision by.

 

Keith

 

From: main@magicu-l.groups.io <main@magicu-l.groups.io> On Behalf Of Anton Doank
Sent: Monday, May 9, 2022 10:11 AM
To: main@magicu-l.groups.io
Subject: Re: [magicu-l] Password complexity

 

hi keith,
yes this is for my company inhouse program. this program already run about 15 year so far. i create simple customize login form that not connected to active directory. before password parameter is only 8 char of length. now i want to enhance the password parameter like todd logic. my user can have multiple username for program but they only have 1 username in active directory. thats why i cannot using that way. or maybe there is something that i missed to use that feature? and i also dont want to make major changes for the credential. single password is good for user so they no need to remember multiple password for each application


Anton Doank
 

hi keith,
thank you for your complete brief about ldap. one more question. my program use user(0) function to get the username who login to write username in every table of transaction. because all my program use this username can ldap solve this case?from my knowledge user(0) only can retrieve from magic logon function. correct me if iam wrong


Keith Canniff
 

Anton,

 

Yes User(0) will return the username from the network. So if your network Username is ADoank, then User(0) will return ADoank.

 

I believe the one thing you have to be careful with is using long user names. For example some networks will setup the user with “Anton.Doank” as the username. I think this caused a problem but the IT people where our software was installed resolved it.

 

Keith

 

From: main@magicu-l.groups.io <main@magicu-l.groups.io> On Behalf Of Anton Doank
Sent: Monday, May 9, 2022 11:06 AM
To: main@magicu-l.groups.io
Subject: Re: [magicu-l] Password complexity

 

hi keith,
thank you for your complete brief about ldap. one more question. my program use user(0) function to get the username who login to write username in every table of transaction. because all my program use this username can ldap solve this case?from my knowledge user(0) only can retrieve from magic logon function. correct me if iam wrong


Anton Doank
 

thanks keith, i will explore the probability to use this feature. need time to RnD, thank you