Password Policies - Security Best Practices - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Security Best Practices

Security Best Practices
Foundation 23.1

Password policies are established to increase the security around one of the weakest links in the security chain: User passwords. The typical users wants a password that is easy to remember and can be entered quickly. Unfortunately, this natural tendency leads to weak passwords that are easier for malicious attackers to guess or programmatically uncover.

Enforcing a robust password policy can force users to create stronger, more secure passwords to prevent them from creating easily guessed passwords or re-using passwords. Password policies can be configured in OnBase to establish minimum strengths for passwords and to lock out users after a certain number of failed attempts to log in, which can help defeat brute-force attempts to log in by malicious attackers.

The use of passphrases in OnBase is encouraged over more traditional passwords. Passphrases introduce a significant amount of randomness and length to a password and are often easier for users to remember. Passphrases can be created using favorite song lyrics, lines of poetry, or movie quotes and are more secure than short, complex passwords. For example, the phrase MyVeryEnergeticMotherJustAteNinePizzas is far easier to remember than Hr39fnsSS%3 and is more secure than the traditional password.


Additional recommendations for establishing a password policy in OnBase can be found in Password Controls.