NavUserPassword expiration and lockout

GoodwillNY

Nav2013R2 RTC

I might be missing something, but it seems strange that a Microsoft Product, especially a Financial product, should lack the ability to set password expiration and failed attempt lockouts within the NavUserPassword option. Somewhere, it knows enough to enforce complexity rules, but I haven't figured out where that is set. Granted, we could move to windows password and rely on Active Directory which has all those enforcements, but our auditors do not like single sign-on applications, as they consider it a possible security hole. I read a post about customizing a field to update when the user changes their password, and then run a sql script to turn on the force password change when it hits 90 days. That is doable I suppose, but still would require a custom, and it doesn't help towards the failed attempt lockout issue.

Does anyone have any guidance towards why this is so? Perhaps a work-around? Doesn't seem like the proper security for sensitive information.

Thanks,

Lewis

simeon0816

Using Active Directory is going to be much more secure that any customization you have put on the Database Server Authentication method, in my opinion. I think Microsoft is going the Windows Authentication method long term anyways... again just my opinion. Active Directory is PCI-Compliant, which should make the auditors happy. There isn't really anything about single sign-on applications that is inherently bad (as a concept), it is probably just their opinion. You can also restrict the "Allow Posting From, To", in the User Setup table. I presented this to some finicky financial auditors in the past and they were happy with that. But they liked that we were using Active Directory Authentication.