10-08-2018 09:29 AM
Centrify Cloud - Windows MFA
Per Case 181004-190811; in order to change the password lenght via the Cloud Solution, this would involve a tedious process.
While Centrify has the ability to set users Security Answer to a number of characters, Centrify doesn’t currently have the ability to set users to use special characters or the ability to force users to change their security answer if a specification change is made.
Request that Centrify Cloud have the ability to set users to use special characters and automatic ability to force users to change their security answer if a specification change is made; when they go to log in at the Windows MFA.
10-08-2018 11:19 AM
Welcome to the Centrify forums.
Let me see if I interpret this correctly.
Looks like you want security questions to be treated with the same controls as passwords do (e.g. a'la NIST guidelines), right? (e.g. red section to adhere to the rules of purple section below?)
If the interpretation is correct, this is an enhancement request.
You can leverage your customer success lead or use the Idea Exchange (Ideas link in the grey bar).
Note that adding additional passwords may increase your ability to implement identity verification, but ultimately it's just another "something you know" type of challenge. Articulating the exact requirements you want to adhere to, will be important to the request. SQs and Passwords are treated differently due to the use case. It's possible with Centrify to use them as Auth challentes, but SQs are better suited for self-service scenarios.
Depending on the security posture of the information to to be protected, a SQ is not even a valid control per NIST 800-63 guidelines.
Let us know.