Security Application Parameters

Define the following application parameters for the Security subsystem:

·       Password_Expiration_Period – The period (in days) in which the user’s password expires. If left blank, then the password will never expire. The default value is 90 (days) for new installations and 30 (days) for upgrades.

·       Password_Validation_Mask – You can define the security settings for the password, such as a certain number of digits or special characters. The default (^(?=[^\d_].*?\d)\w(\w|[!@#$%]){6,}) enforces that the password is at least seven digits long and that it contains both numeric and alphabetic characters. This default expression uses Regular Expressions (RegEx), so please visit www.regular-expressions.info for more information on forming these expressions.

·       Password_Repeat_Limit – Remembers the user’s previous passwords and does not allow the user to assign the same password for a certain number of instances. The default value is “4,” which indicates that the new password the user wants to assign cannot be the same as the last 4 passwords.

This parameter replaced the Can_User_Keep_Old_Password parameter.

·       Allow_Emailing_User_Password – Determines whether the administrator can send an email of the user’s password when creating a default password on a new user account or when resetting the user’s password. PA-DSS does not allow you to communicate the clear text password through email, so this is set to “N” by default. However, you can change this value, if necessary.

If you want to remain PA-DSS compliant, then you should retain the defaults delivered with base for these application parameters.

Additionally, as of 7.6.2, the following application parameter was added for the Application subsystem:

·       SCREEN_LOCKOUT_PERIOD – Per PA-DSS requirement, the Personify360 application must be locked if the work station is inactive for 15 minutes. Setting the value to a negative number does not enforce any screen time-out. Setting the value to a positive number overrides the default 15 minutes. Setting the value to zero or NULL of this parameter would enforce 15 minutes (the default).

When the inactivity limit is reached, a warning message will display, as shown below.


If the user does NOT click the Stay logged in button within one minute, he/she will be prompted to renter his/her password, as shown below. If the user clicks Exit, the application will close. If the user has unsaved data, he/she will be prompted to save the data first, which requires reentering his/her password.