Force 1 Special Character And 1 Numeric Character In New Password.

Document ID : KB000053164
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Is there a way to force the user community to provide at least 1 special character and 1 numeric character in their password? When the NEWPW control option is changed in the CA Top Secret parameter file changes(NEWPW), when does it become effective?

Answer:

NEWPW(FN) will force at least 1 numeric. (NEWPW(FA) will force at least 1 alphabetic character.)

For special characters, use the PASSCHAR control option in conjunction with the NEWPW(SC). PASSCHAR contains a list of special characters which can be used in new passwords. Special characters may not be acceptable in some applications or at some levels of the operating system. Valid special characters are:

.. Ampersand &
.. Asterisk *
.. At @
.. Colon :
.. Dollar $
.. Equal sign =
.. Exclamation mark !
.. Hyphen -
.. Logical Not ¬ .. Percentage sign % .. Period . .. Pound (hash) # .. Question mark ? .. Underscore _ .. Vertical line |

When used in conjunction with control option NEWPW(SC), all passwords must be defined with at least one of the characters in the PASSCHAR list. If NEWPW(SC) is absent, PASSCHAR characters are optional. If no characters are defined in PASSCHAR, NEWPW(SC) has no effect. NEWPW(SC) is a global option for all passwords and facilities. Only use NEWPW(SC) if every application which requires a security password accepts special characters. So to force 1 numeric and 1 special character, use the following in the CA Top Secret parameter file:

PASSCHAR(...) where '...' is the list of special characters you want used. (Up to 16 characters can be specified, separated by a comma.)

NEWPW(...SC,FN) where '...' represents anything currently specified in the NEWPW control option. Issue TSS MODIFY(STATUS(PASSWORD)) to see the current NEWPW setting.

To pick up changes in the CA Top Secret parameter file, CA Top Secret must be recycled (temporary shutdown and restart). Or you can dynamically set these via:

TSS MODIFY PASSCHAR(...)

TSS MODIFY NEWPW(MIN=5,ID,RS,MINDAYS=1,WARN=3,SC,FN)

(The TSS MODIFY command is only valid until the next recycle of CA Top Secret.) Once set, the next time a user changes their password, users will need to specify at least 1 numeric and 1 special character.

The NEWPW control option specifies restrictions for new passwords specified by a user, so this option doesn't affect new passwords set with the TSS command by a CA Top Secret administrator.

Additional Information:

Please see the CA Top Secret Control Options Guide for more information on the NEWPW and PASSCHAR control options.