NavUserPassword expiration and lockout

GoodwillNY
Member Posts: 4
Nav2013R2 RTC
I might be missing something, but it seems strange that a Microsoft Product, especially a Financial product, should lack the ability to set password expiration and failed attempt lockouts within the NavUserPassword option. Somewhere, it knows enough to enforce complexity rules, but I haven't figured out where that is set. Granted, we could move to Windows password and rely on Active Directory which has all those enforcements, but our auditors do not like single sign-on applications, as they consider it a possible security hole. I read a post about customizing a field to update when the user changes their password, and then run a SQL script to turn on the force password change when it hits 90 days. That is doable I suppose, but still would require a custom, and it doesn't help towards the failed attempt lockout issue.
Does anyone have any guidance towards why this is so? Perhaps a work-around? Doesn't seem like the proper security for sensitive information.
Thanks,
Lewis
Comments
Using Active Directory is going to be much more secure than any customization you have put on the Database Server Authentication method, in my opinion. I think Microsoft is going the Windows Authentication method long term anyways... again just my opinion. Active Directory is PCI-Compliant, which should make the auditors happy. There isn't really anything about single sign-on applications that is inherently bad (as a concept), it is probably just their opinion. You can also restrict the "Allow Posting From, To", in the User Setup table. I presented this to some finicky financial auditors in the past and they were happy with that. But they liked that we were using Active Directory Authentication.