SnTT - Lotus Notes Internet Passwords05/01/2008 02:01:30 PM
A few questions from client sites and some posts on developerWorks:Lotus has prompted me to share this information on Lotus Notes Internet Passwords.
Q: What characters are allowed in a Lotus Notes Internet Password?
A: Any keyboard character can be included in a Notes Password. This includes both standard ASCII characters as well as extended ASCII characters (for example, accented letters).
Q: How many characters can I have in a Lotus Notes Internet Password?
A: The maximum number of characters you can include in a Notes password is 64.
More details on this can be found at the link.
Link: What Are The Length and Character Restrictions For a Lotus Notes Password
Technorati tag: SnTT Show-n-Tell Thursday
Comment posted by Keith Brooks05/01/2008 05:48:41 PM
Homepage: http://www.vanessabrooks.com
One caveat, and I am writing an article on this is Lotus may accept it, but some thrid party apps do not accept ANY characters.
There can be a conflict between what security people want and what software companies can provide.
looking for more details so anyone that has info on it, let me know.
You will get credited in my upcoming article on this topic.
Comment posted by Vaughan Rivett05/01/2008 07:48:10 PM
Homepage: http://st1.rivettassociates.com/Web/Vaughans.nsf/
I would suggest that you may need to be careful with the any character approach if you are getting other applications to authenticate against Lotus Domino Server's LDAP service.
Comment posted by Gregg Eldred05/01/2008 09:33:16 PM
Homepage: http://www.ns-tech.com/blog/geldred.nsf
@Vaughan and @Keith: You both bring up very good points. @Keith, I know of an application (non-Domino) that uses Domino authentication, but limits the length to 20 characters. While the Lotus password is more than that, and is acceptable to DWA and Sametime, the users that use a longer length have to remember that their password for this particular app can be much less.
@Vaughan: Even though Domino allows extended characters, some other services may not.
I would probably recommend that Admins look at Policies or a validation formula to help the users choose a secure password.One that is within acceptable limits for all of the services that rely on Domino authentication.
Comment posted by Ian Randall05/02/2008 02:35:07 AM
Another unique feature of Lotus Notes passwords (not to deviate too far from this blog topic of the internet password) is that a Notes certificate can actually be configured to contain multiple passwords (from memory up to 6), and it is possible to configure the minimum number of passwords that must be correctly entered to authorize access. This is primarily used to protect the organizational certifier, but can also technically be applied to any user certificate.
Imagine other systems having to copy with multiple passwords, each consisting of a maximum of 64 ASCII and extended ASCII characters. Wouldn't that drive the hackers crazy.
BlogSphere V1.3.1
Join The WebLog Revolution at BlogSphere.net
- 