2.3 Best Practices for Self Service Password Reset

Use the following information to help you decide how to configure Self Service Password Reset to get the best results.

2.3.1 Best Practices for Password Policy

To enhance the security of password policies:

  • Use a word list to prevent easily guessable passwords

  • Use a shared word list to prevent the same password value from becoming common among many users in the organization

  • Do not allow users to configure challenge questions

  • Do not impose complex syntax rules on users; instead, use a specific overall complexity level

  • Use a long list of potential random challenge questions whose answers are unlikely to be similar among different users

For more information, see Configuring a Profile for a Password Policy in the Self Service Password Reset 4.3 Administration Guide.
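
The following added example (not code from Self Service Password Reset or from Micro Focus) sketches how the two word-list recommendations above differ: a static word list rejects guessable values, while a shared word list rejects a value that any user has already chosen. The class name, the matching rules, the keyed-digest storage, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data: a tiny word list and a placeholder key.
SAMPLE_WORDLIST = ["password", "summer", "welcome", "acme"]
SAMPLE_KEY = b"constructed-demo-key"


class WordlistPolicy:
    """Illustrative word-list and shared-word-list checks (hypothetical class)."""

    def __init__(self, wordlist, key):
        self._words = {w.strip().lower() for w in wordlist if w.strip()}
        self._key = key
        self._shared = set()  # keyed digests of values already accepted for any user

    def _digest(self, password):
        # Keyed hash, so the shared list never holds plaintext passwords.
        data = password.lower().encode("utf-8")
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def violations(self, password):
        """Return the names of the rules the candidate password breaks."""
        candidate = password.lower()
        # Assumption: also compare the value with leading/trailing digits
        # and symbols removed, so "Summer2024!" matches "summer".
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate)
        found = []
        if candidate in self._words or core in self._words:
            found.append("wordlist")
        if self._digest(password) in self._shared:
            found.append("shared-wordlist")
        return found

    def change(self, password):
        """Validate a new password; record it in the shared list if accepted."""
        found = self.violations(password)
        if not found:
            self._shared.add(self._digest(password))
        return found
```
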

2.3.2 Best Practices for Self Service Password Reset Security

To enhance the security of Self Service Password Reset, Micro Focus recommends that you do the following:

  • Enable the CAPTCHA support.

  • Configure HTTPS for end-to-end security.

  • Configure LDAPS for end-to-end security.

  • Use a strong encryption protocol for stored responses that are formatted as hashes.

  • Configure Self Service Password Reset to see source network addresses so that complete audit records are maintained.

For more information, see Configuring Security Settings in the Self Service Password Reset 4.3 Administration Guide.