Hello,

There are some old profiles in the system whose password set to not expire and password rule on the system is to use minimum length of 15 characters. So auditors are checking which profile has password length less that 15 characters. How can i check that , is there any way to query to check length of password for user profiles in the system? 

Please provide you feedback. Thank you so much!

Hello Ujwala,

To my knowledge there is no way to check the length of passwords on IBM i. I do hope I am 100 % here, because if there was, it would be a security breach. Once you know the length of a password guessing what it is becomes a lot easier doen it not?

When you keep a record of when system values are changed, including all the password related ones, you know when the password length was implemented. With that date you can run a query on the password change date, below an example:

SELECT AUTHORIZATION_NAME,  TEXT_DESCRIPTION, PASSWORD_CHANGE_DATE
    FROM QSYS2.USER_INFO
    WHERE PASSWORD_CHANGE_DATE <= Current date - 300 days
    order by PASSWORD_CHANGE_DATE ;

Please replace the "Current date - 300 days" by the correct date of the password length change date or adjust the number of days accordingly. 

Hopefully this helps.

Greetings,

Hello,

There are some old profiles in the system whose password set to not expire and password rule on the system is to use minimum length of 15 characters. So auditors are checking which profile has password length less that 15 characters. How can i check that , is there any way to query to check length of password for user profiles in the system? 

Please provide you feedback. Thank you so much!

Hello Ujwala,

To my knowledge there is no way to check the length of passwords on IBM i. I do hope I am 100 % here, because if there was, it would be a security breach. Once you know the length of a password guessing what it is becomes a lot easier doen it not?

When you keep a record of when system values are changed, including all the password related ones, you know when the password length was implemented. With that date you can run a query on the password change date, below an example:

SELECT AUTHORIZATION_NAME,  TEXT_DESCRIPTION, PASSWORD_CHANGE_DATE
    FROM QSYS2.USER_INFO
    WHERE PASSWORD_CHANGE_DATE <= Current date - 300 days
    order by PASSWORD_CHANGE_DATE ;

Please replace the "Current date - 300 days" by the correct date of the password length change date or adjust the number of days accordingly. 

Hopefully this helps.

Greetings,

Hello,

There are some old profiles in the system whose password set to not expire and password rule on the system is to use minimum length of 15 characters. So auditors are checking which profile has password length less that 15 characters. How can i check that , is there any way to query to check length of password for user profiles in the system? 

Please provide you feedback. Thank you so much!

Hello,

There are some old profiles in the system whose password set to not expire and password rule on the system is to use minimum length of 15 characters. So auditors are checking which profile has password length less that 15 characters. How can i check that , is there any way to query to check length of password for user profiles in the system? 

Please provide you feedback. Thank you so much!

Hi

I agree that you can't know the password length. However you can at least see if it is10 characters or less.

You can look for the PASSWORD_LEVEL_0_1 field in the USER_INFO table, and if the value is YES the password is (probably) not longer than 10 characters.

That's not exactly what you need, but it's the best approach I can think of.

Hello,

There are some old profiles in the system whose password set to not expire and password rule on the system is to use minimum length of 15 characters. So auditors are checking which profile has password length less that 15 characters. How can i check that , is there any way to query to check length of password for user profiles in the system? 

Please provide you feedback. Thank you so much!

Hello,

There are some old profiles in the system whose password set to not expire and password rule on the system is to use minimum length of 15 characters. So auditors are checking which profile has password length less that 15 characters. How can i check that , is there any way to query to check length of password for user profiles in the system? 

Please provide you feedback. Thank you so much!