Password Management in eCatalog


Robust Internal User Management and Security:

eCatalog offers a comprehensive internal user management system that includes an advanced password management module. This module is designed for environments not utilizing Active Directory (AD) and focuses on enhancing security through robust password policies.


Key Features of Password Management:


  • Password Complexity Requirements:
    • Minimum Length
      Administrators can set the minimum password length, with a recommended length of 15 characters
    • Character Requirements
      Configurations can include at least one uppercase letter (A-Z), one lowercase letter (a-z), one digit (0-9), and one special character (!,$,#,%, etc.).
    • Total Rules Applied
      A recommended total of four complexity rules to ensure robust passwords.
    • Prohibitions
      Passwords cannot contain black-listed keywords, nor can they be too similar to the username.
  • Password Lifecycle Management:
    • Maximum Age
      Passwords must be changed annually, with a recommended maximum age of 365 days.
    • History and Reusability
      The system can track the last five passwords (recommended setting), preventing reuse.
    • Minimum Age
      Prevents frequent password changes, disabled by default to allow flexibility.


Password Hashing Protocols:


  • Default Hashing with BCrypt
    By default, passwords are hashed using BCrypt, a robust hashing method known for its security efficacy. BCrypt utilizes a unique salt for each password, enhancing security by preventing rainbow table attacks.
  • Configurable Hashing Options
    Administrators can choose from various hashing algorithms, including MD5, SHA-1, SHA-2, SHA-3, BLAKE2, Whirlpool, and RIPEMD-160, depending on security needs and compliance requirements.
  • Hashing and System Initialization
    It’s critical to select a hashing method at system setup because changing the hashing algorithm after deployment will render existing hashes unreadable. In such cases, administrators must require users to reset their passwords.


Implementing Password Policies:

To enforce these password policies, administrators can access the password management settings through the eCatalog’s administrative dashboard. This access allows for real-time updates to the password policy and immediate application across the user base.


Security Considerations:

Implementing stringent password policies is vital for protecting access to the system, particularly in environments sensitive to information security. Regular reviews and updates to these policies help maintain defense against evolving cyber threats.