It's much more fun, when you can discuss your problems with others...
You are not logged in. Please login or register.
FrontAccounting forum → Setup → Username login security?
Can we have upper / lower case enforcement on the username for the login screen?
Right now to login any combination of upper or lower case letters logs in successfully
Admin
is the same as
admin
or
aDmin
or admiN
all work.
Username is half the login key, should have same check as passwords ...
Thanks!!
I am not so sure about this. It is very common to let the username be case insensitive.
It is more important that the password is strong. And, really, this is not a Fort Knox issue.
Joe
@joe
I like the Fort Knox analogy... 
I still agree that we need a stronger userid. Most of the sites I visit now have userid rules (not passwords only). This admin is very trivial... of course users need to change it anyway..
Thanks for the reply and consideration.
More and more user / pass is looking at user rules. I used admin as example, we had set up users with upper / lower case and characters and determined case was insensitive. It's nothing new -
https://passwordbits.com/usernames-need-unique/
just for your consideration ...
Thanks!!
@joe , basically we have md5 encryption, which is ok for Password. But now a days. Securing our framework is more important. Than enhancing it. People are looking with two step authentications to prevent unknown tries. But I feel the username case sensitive is a good to have for customers.
Our parent company has given us until Dec 31 2021 to comply with their security guidelines. Account Security is a major part of their focus, and we will not be allowed to use FA after that date if the login is not case sensitive.
This SUCKS.
I've build into FA for many years and it's great for us. The learning curve of a financial package is extreme and we anticipate many difficulties during the transition.
PLEASE FIX THE LOGON SECURITY OF FRONTACCOUNTING SO WE CAN CONTINUE USING IT!
The security team states there are other vulnerabilities in FA but that they can be remedied by firewall magic. The login security is a show stopper.
Thanks for your serious and timely consideration.
BTW
The security co is requiring us to have usernames that are basically passwords - 12+ characters that must have a combination of upper and lower case letters, numbers and punctuation, no dictionary words, no repeating characters, etc ...
Also, they're suggesting spaces in passwords be acceptable as the trend is going to 'pass phrases' vs passwords.
Hire a FA developer and make him to create a module and connect the login with hooks as well as replace the user account page with a custom one which will have to ask those combinations in password. This way you can make this happen.
FA can provide support to many things. But it has to common needs for all users. Except you no one is active to seek this enhancement.
Or may be you can create and contribute it to FA development community , it's depends on your interest towards the contribution of the FA community.
Thank you
We ended up putting another server in front of the FA machine that meets their requirement, then log in to FA from there. Makes me log in twice but meets their demands ...
May I ask what software the front server is using and if it is chargeable.?
I'm not sure what it is based on but it presents itself as a Remote Desktop login. Once authenticated to a desktop one browses to a local address:port and the FA login is presented.
FrontAccounting forum → Setup → Username login security?
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 4 official extensions. Copyright © 2003–2009 PunBB.
