Password Protection

How a user changes a user password:

The password can be up to 255 character long.

A non-manager user can change his password via the Tools menu. Here the userexit prt_mod_pwd is called.

Login to Agile e6 with your normal password.

Select Tools > Change Password.
The Change password mask is opened.

Enter your current password and your new password.

Click OK.

For user with a remote credential mapping, a password change is not supported. An error message will be displayed in Agile e6. You have to change the password in the remote system!

How an administrator changes a user password:

An administrator (manager) can change the password for a user.

Login to Agile e6 with an administrator password.

Select Manager > Permissions > User > Basic Data .
The User Data mask is opened.

To control user logins, the field Logins logs the number of unsuccessful login attempts of a user because of a wrong password.

Click the Refresh button to display all users .

Select the user for which the password has to be changed.

From the context menu select Set Password.
The Please enter new password mask is opened.

Enter the administrator password.
This is the password of the administrator that is currently logged in.

Enter the new user password.

Click OK.

For user with a remote credential mapping, a password change is not supported. An error message will be displayed in Agile e6. You have to change the password in the remote system!


Enhanced Security (ENC)

In order to improve password security you can store password assignment rules in the system. All required functions are summarised in the "Enhanced Security" extension. A set of default variables named DTV-PWD-... is used to activate the extension and to define rules.

System Variable Comment Default Value
DTV-PWD-ENC Activates the "Enhanced Security" extension:
n -> Enhanced Security deactivated. The rules defined in the other DTV-PWD-...variables are ignored.
y
-> Enhanced Security activated. The rules defined in the other DTV-PWD-...variables are effective.
n
DTV-PWD-MIN-LEN Minimal string length of the password to be entered 6
DTV-PWD-MAX-LEN Maximum string length of the password to be entered 8
DTV-PWD-ALP-REQ Minimal number of required letters in the password 0
DTV-PWD-SND-REQ Minimal number of special characters required in the password 0
DTV-PWD-NUM-REQ Minimal number of required numeric characters in the password 0
DTV-PWD-EXP-DAY Validity span of the password in number of days 29
DTV-PWD-WRN-DAY User warning period in number of days before password expires 10
DTV-PWD-NUM-FAI-CNT Maximum number of incorrect logins 3


Enhanced Character Conventions for Passwords

Please make sure that the minimal number of characters (DTV-PWD-MIN-LEN) is smaller than the maximum number of characters (DTV-PWD-MAX-LEN) and that the sum of the three variables defining character conventions (...REQ) result in a value not exceeding the maximum number of characters of the password. If that rule is not observed, the system will not be able to correct that. If the password entered mismatches one of the conventions defined, no login will be granted. In this case you will have to deactivate "Enhanced Security" and change the conventions.

Enhanced Password History

In the Security tab of the user form you can get information of the password history of the user. The form displays the date of the last login, the date of the last password update and the last five password entries Password 1 ... 5 in encrypted form. The Index field informs you on the number of passwords already entered in the history. After a password update, "Enhanced Security" will automatically check that the new password does not correspond to one of the last five passwords used. This forces users to create new passwords. The passwords already stored in the password history cannot - as opposed to the current password - be removed by deleting the encrypted entry.


Enhanced Password Validity

If these the variable DTV-PWD-EXP-DAY has been used to define a password validity, it is necessary to inform users a couple of days in advance that password validity will run out. This information offset value is defined in the variable DTV-PWD-EXP-DAY. If "expiration date minus offset" has passed, the systems will output a warning message directly in the password mask during the login procedure, The user will be requested to enter a new password. If the message is ignored until after the end of the validity period (cancel in the password mask) and no new password is entered, the user will not be able to login any longer.


Enhanced Security and the Maximum Number of Incorrect Logins

The maximum number of incorrect logins is limited to three in the DTV-standard. If "Enhanced Security" is activated, you can use the DTV-PWD-NUM-FAI-CNT variable to disable that rule. The Login field in the user form logs the number of incorrect password entries resulting in an unsuccessful login.