Password Requirements and Security

A valid password must adhere to the following constraints:

  • It must be a minimum of 7 and a maximum of 24 characters in length.
  • It must be a combination of alphabetical character(s) and numeric character(s): it can contain at least one numeric character and the rest can be alphabetical characters, or the reverse.

    The following has been implemented for password security:

  • Passwords expire every 90 days.
  • Prior to password expiration the user will be notified of pending expiration.
  • Password history is saved to prevent reuse for six password change cycles.
  • Ten incorrect password login attempts will result in a lockout.

Modifying Password Requirements and Security

Maestro's password requirements and security settings can be modified to fit your site's needs. To modify these constraints:

  1. Stop the Maestro Project Server. Please see the instructions in the Stopping Maestro section.
  2. Create the security.properties file in [maestro_home]/projectserver/conf.
  3. To add the new Security Policies and Password Rules simply copy the desired text from below to anywhere in the file. You may change the numeric and boolean values.

    Security Policies

      security.policy.password.encoder=
  security.policy.password.previous.count=6
  security.policy.password.expiration.days=90
  security.policy.allowed.login.attempt=3

    Password Rules

      security.policy.password.rule.alphanumeric.enabled=false
  security.policy.password.rule.alphacount.enabled=true
  security.policy.password.rule.alphacount.minimum=1
  security.policy.password.rule.characterlength.enabled=true
  security.policy.password.rule.characterlength.minimum=1
  security.policy.password.rule.characterlength.maximum=8
  security.policy.password.rule.musthave.enabled=true
  security.policy.password.rule.numericalcount.enabled=true
  security.policy.password.rule.numericalcount.minimum=1
  security.policy.password.rule.reuse.enabled=true
  security.policy.password.rule.nowhitespace.enabled=true
  4. Save and close security.properties.
  5. Start the Maestro Project Server. Please see the instructions in the Starting Maestro section of this document.

If you use the Maestro Backup & Restore from the Maestro user interface the security.properties is not saved. If you have customized this file and are migrating to a new version of Maestro you may want to back it up. Please see the Manual Backup section for information on how to backup this file.

Password Recovery

Follow these steps to recover a forgotten password:

  1. Click Login in the orange horizontal bar.
  2. In the login screen, click Request a password reset link.
  3. Enter username into the Username field.
  4. Click Request Reset.
  5. An email containing the URL to reset the password will be sent to the user's account.