Configuring Passwords for Better Security
Answer ID 2060   |   Last Review Date 02/15/2023

What Options are Available in the Password Configuration Settings for Improving Security of Staff's Passwords?

Environment:

Staff Accounts, Contacts, Password Configuration
Oracle B2C Service

Resolution:

You can enhance your staff members’ and contacts' password security through options that allow you to prevent repeated invalid login attempts and to set password length, character requirements, and expiration options. Passwords are stored using PCI-compliant encryption methods.

To access the password configuration options for staff accounts, click the Configuration button on the navigation pane, and then double-click Password Configuration under Staff Management. These options affect the login requirements for staff members logging in to the administrative side of Oracle B2C Service. They do not affect passwords and other login requirements for customers logging in to the customer portal end-user pages. For instructions to configure customer passwords, see Answer ID 5312: Password Configuration.

Password configurations are interface-specific. That is, you can configure the password requirements on interface A separately from interface B. When a staff member configures or changes their password, the new password is compared to the password configuration table for the interface they are logging into. 

Number of Invalid Logins: This field defines the number of failed login attempts that are allowed before the system locks the account. When an account becomes locked, the staff member cannot log in to the account, even if they use the correct Login and Password configured for the account. Only administrators with the Groups/Accounts/Distribution Lists permission can unlock a staff account by clearing the Account Locked checkbox. When a staff member successfully logs in to their account, the invalid login count is reset to 0. By default, staff accounts are locked after five unsuccessful login attempts.

Please note, the administrator account has the same login requirements you have configured for your other staff accounts in the Password Configuration security options.

Expiration Interval: This field defines the number of days that passwords stay in effect. The expiration date is reset after creating a staff account or updating the account password from the Staff Accounts editor or the Change Password window. 
 
Grace Period: This field defines the number of days after a password expires in which staff members can enter a new password and still be allowed to log in. Once the grace period ends, staff members' accounts are locked, and you must reset the expiration date or the password. 
 

Warning Period: This field defines the number of days before the password expires in which staff members will be alerted to the approaching expiration date. During the period, staff members can log in normally and are notified of the number of days until the current password expires. 

Note: Warnings only display if the Expiration Interval is set to a valid (non-zero) time interval.

Password Length: This field defines the minimum number of characters required for a staff account password. Password length cannot exceed 20 characters.

Note: If this value is increased, staff accounts that have fewer characters than the new requirement retain their current passwords. When the staff member updates their password, they will be required to specify a password of appropriate length. Until they update the password, however, their account may have a password that is shorter than what is configured.
 

Character Repetitions: This field specifies the maximum number of consecutive repeated characters allowed in a password. For example, if Character Repetitions is set to 2, then a password such as 11011011 would be allowed, but 1110000 would not be allowed.

Character Occurrences: This field specifies the maximum number of times a character can be used in a password. For example, if Character Occurrences is set to 2, then a password such as 10123456 would be allowed, but 10101234 would not be allowed.

Lowercase Characters: This field specifies the minimum number of lowercase characters required in a password.
 
Uppercase Characters: This field specifies the minimum number of uppercase characters required in a password. 
 
Special Characters: This field specifies the minimum number of special characters required in a password. 
 

Numbers and Special Characters: This field specifies the minimum number of special characters, including numbers, required in a password.
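
The character rules above can be tried against sample passwords before a policy is rolled out. The following is an added example, not Oracle code or part of the product; it assumes a special character is any non-alphanumeric character, that characters are compared case-sensitively, and that a limit of 0 means the rule is not enforced.

```python
# Added illustration, not Oracle code. Field names follow the article; the
# character classes and the meaning of 0 for the two limits are assumptions.
from collections import Counter
from dataclasses import dataclass
from itertools import groupby


@dataclass
class PasswordPolicy:
    password_length: int = 0        # minimum number of characters
    character_repetitions: int = 0  # max identical characters in a row (0 = off, assumed)
    character_occurrences: int = 0  # max total uses of one character (0 = off, assumed)
    lowercase: int = 0
    uppercase: int = 0
    special: int = 0
    numbers_and_special: int = 0


def violations(pw: str, p: PasswordPolicy) -> list:
    """Return the article's field names that the candidate password fails."""
    longest_run = max((len(list(g)) for _, g in groupby(pw)), default=0)
    most_used = max(Counter(pw).values(), default=0)
    special = sum(1 for c in pw if not c.isalnum())  # assumed definition
    digits = sum(1 for c in pw if c.isdigit())
    checks = [
        ("Password Length", len(pw) >= p.password_length),
        ("Character Repetitions",
         not p.character_repetitions or longest_run <= p.character_repetitions),
        ("Character Occurrences",
         not p.character_occurrences or most_used <= p.character_occurrences),
        ("Lowercase Characters", sum(c.islower() for c in pw) >= p.lowercase),
        ("Uppercase Characters", sum(c.isupper() for c in pw) >= p.uppercase),
        ("Special Characters", special >= p.special),
        ("Numbers and Special Characters", digits + special >= p.numbers_and_special),
    ]
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    # The article's sample strings, checked per rule and then with both limits set.
    reps = PasswordPolicy(character_repetitions=2)
    occs = PasswordPolicy(character_occurrences=2)
    both = PasswordPolicy(character_repetitions=2, character_occurrences=2)
    for pw in ("11011011", "1110000", "10123456", "10101234"):
        print(pw, violations(pw, reps), violations(pw, occs), violations(pw, both))
```

With both limits set to 2, the sample 11011011 passes Character Repetitions but fails Character Occurrences, because the digit 1 is used six times in total.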

Number of Previous Passwords: This field specifies the number of passwords that will be stored in memory for each staff account. Staff members cannot use any of the currently stored passwords when changing passwords. 
 
For additional information, refer to the 'Configure password requirements' section in the Online Help User Guide documentation. To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.
