To support enterprise security standards, need the ability to require secure passwords (ie include numbers, capitals, special characters), and to force regular changes (i.e. every 90 days)

Comments

  • and it would be great if it could somehow support domain authentication (in a hosted environment usage)

  • In addition to the above suggestions, I would also like to see the ability to set a minimum length of a password and the ability to lock out a password after <X> number of failed password attempts for <N> minutes.

  • I would also like to see record password change in the member history. This will ease administrator followup on password periodic changes.

  • Great ideas - absolutely essential for us. We are storing a lot of corporate IP on our hosted VersionOne database and have to make sure that our accounts are as secure as they can be. I see too many people setting their passwords to "password"...

  • I would also echo comments above. these requirements are important when being hosted.

  • I agree changing the password regularly would be nice. Additionally force a user to change it the first time they log in. I am not a security expert so not sure if this would be a good idea or not, but also having a link to request a new password incase the user is locked out or forgot their password would be very nice.

  • This should be a standard feature.

  • Agree with the standard feature. Also change password the first time users log in. A link to request a new password incase the user is locked out or forgot their password.

  • I agree. A very much required feature for a SAAS product.

  • This feature needs to be added. We cannot do SSO because not all our users get internal accounts, but security requires strong passwords.

  • Jira allow admins to create accounts with temporary passwords and force a reset on the users first log in. They also allow you to enforce password rules and expire passwords. VersionOne really needs to add this capability. Without it, we may eventually be forced to move to Jira to meet enterprise security requirements.