Password Complexity and Email Address Required On Candidate Gateway Registration Page Based on Singapore Requirements. (Doc ID 1371227.1)

Last updated on DECEMBER 02, 2015

Applies to:

PeopleSoft Enterprise HCM Candidate Gateway - Version 9.1 and later
Information in this document applies to any platform.

Symptoms


User requires to have 8 alphanumeric characters password complexity rule and email address required when a new applicant wants to register in Candidate Gateway Career Page.

This requirement is based on Singapore Government Compliance, quoted below:
ICT security clause Authentication 1.2.1
"Agencies shall ensure that the strength of the authentication credentials commensurate with the risk and business impact of the Application System."

======================================================================
ICT security clause Authentication 1.2.1
"Agencies shall ensure that the strength of the authentication credentials commensurate with the risk and business impact of the Application System."
======================================================================

Password must meet complexity requirements

Description
----------------

This security setting determines whether passwords must meet complexity requirements. Complexity requirements are enforced when passwords are changed or created.
If this policy is enabled, passwords must meet the following minimum requirements when they are changed or created:

    * Passwords must not contain the user's entire samAccountName (Account Name) value or entire displayName (Full Name) value. Both checks are not case sensitive
    * The samAccountName is checked in its entirety only to determine whether it is part of the password. If the samAccountName is less than three characters long, this check is skipped.
    * The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are less than three characters in length are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin," "M," and "Hagens." Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.
    * Passwords must contain characters from three of the following five categories:

   1. Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
   2. Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
   3. Base 10 digits (0 through 9)
   4. Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
   5. Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms