Password Policy
This password policy is applied when the GoodData Platform is handling user management and not any additional single sign-on policies implemented on the customer side.
The password that you use to connect to the GoodData platform can be used to connect to the platform through any supported interface: CloudConnect Designer, REST APIs, gray pages, and potentially any scripts you use with GoodData.
Apart from the security policy and requirements on your site, your password must meet the following criteria:
Default Password Policy
- Does not contain character sequences (for example, 11111, 12345, qwerty and so on).
- Is not a previously used password.
- Does not contain any similarities to your login.
- Has a minimum length of 7 characters.
- Commonly known weak passwords are not accepted (password123, etc.).
Stronger Password Policy
- Your can define a minimum password length of 1 characters up to a maximum of 128 characters.
- You can define password complexity to contain a combination (up to a total of four) of the following:
- Digits (0 to 9)
- Uppercase characters (A to Z)
- Lowercase characters (a to z)
- Special characters (!@#$%^&*())
- Unicode
- Enforcement for users to change password upon expiry (ON/OFF per domain and/or user)
- Password expiry range (duration in minutes, hours, days, months or years per domain)
- Number of unique passwords used before reuse (for example, new password must not match previous seven passwords used)
- Contact GoodData Support to enable stronger password options including a minimum password character length and number of required character groups.
If you require additional stronger or custom password policy, view Set up User Authentication and SSO.
Password Security Best Practices
- Implement Single Sign-On (SSO) with Multi-Factor Authentication (MFA) Whenever possible, set up SSO through a trusted Identity Provider with MFA support. Configure it as an SSO-only solution, preventing fallback to password authentication without MFA.
- Strengthen Password Requirements
If SSO isn’t feasible, consider:
- Increasing the minimum password length to 10 characters or more. However, longer passwords are not necessarily better. Requiring long passwords can lead to undesired user behavior, such as choosing repeating patterns that are not hard to guess, writing passwords down, or reusing them.
- Removing character-composition requirements. Most people use similar patterns if they are forced to combine certain characters (i.e. capital letter in the first position, a symbol in the last, and a number in the last 2), which can be exploited by attackers.
- Eliminating mandatory periodic password resets for user accounts. Mandatory resets drive users to very predictable passwords that are closely related to each other. Such passwords can be predicted based on the previous ones.
- Prohibiting common passwords to enhance system security. GoodData includes a block list of commonly used passwords to reduce the risk of successful brute-force attacks.
- Educating users against reusing their work-related passwords for other purposes.
- Evaluate Complexity Rules Strict complexity rules may not always enhance security, but they might be necessary to meet legacy compliance standards. Encouraging longer passphrases instead of passwords can be effective.
Change Password
We recommend that you change your passwords on a regular basis.
Steps:
Log in to GoodData.
Click your username in the top right corner, and select Account. The account settings page opens.
Click Change Password. A pop-up dialog for changing the password appears.
Enter the old password, the new password, and confirm the new password. Click Save.
If saving your password fails, delete the cookies in your browser and retry.The dialog closes. Your password has changed.
Log out from the Portal and log back in using the new password.
If you are using CloudConnect, apply the password change in CloudConnect (for details, see Apply a GoodData Password Change to CloudConnect Designer).