{//% unless portal.user.is_agent %} Tickets
Welcome
Login Submit a Ticket News {//% endunless %}

N-PBS 25.1 Enhancements

S-89436 - COMMUNITY - AdminUI: Password Security Enhancement

We have enhanced the security of the Scheduler password creation process by implementing mandatory password updates every three months where the new password can not be the same as any of the previous three passwords. In addition, the new password must meet the following criteria:

  • Minimum of eight characters
  • Include at least one uppercase letter, one number, and one special character. 

Note: The following characters are prohibited: '<', '>', '"', ''', '&', ';', '\', '*', ':'
 

Example: HoldenLM21!

These updates improve on the previous password requirements by introducing stronger security measures.

 The password functionality is used in several areas of AdminUI, including: 

  1. Login:
    New Scheduler: The user can log in using their employee ID as the password. Note: PBS does not require a password update on first login (unlike the WebApp).
     Old Scheduler: The user is never prompted to update their password. 
  2. Forgot password: A new password is sent to the user’s email, which they can use to log in. Note: PBS does not require the user to change the password on receipt.
  3. Change password (for some ALCs): Schedulers can modify the password for any crew member, allowing them to log in with the new password.
     Note: PBS does not prompt the user to change the password after this update. 
    0.


The password function is used in several parts in AdminUI:

 

Prior to the enhancement:

  1. Login: 
    New Scheduler: the user can login with their employee ID as password. Note: PBS does not require the user to update their password on the first login (unlike the WebApp).
     Old Scheduler: the user is never asked to update the password.
  2. Forgot password: A new password is sent to the user's e-mail, and the user can use it to log in. Note: PBS does not ask the user to change the password.
  3. Change password (for some ALCs): The Scheduler can change the password for any crew member, and the user can log in with the new password. Note: PBS does not tell the user to change the password.
     
    0.

    

After the enhancement:

  1. Login:
    New Scheduler: during the first login, when using the employee ID as the password, the user is asked to update their password with the new password criteria.
    Old Scheduler: Users are asked to update their password every three months. In these cases, a pop-up appears asking the Scheduler to update the password. The new password can not be the same as the previous three passwords.
    Note: there is one exemption: the NAVAdmin account user does not need to update the password.

     
  2. Forgot password: a new password, compliant with the rules, is sent to the user's email. When the user logs in with it, PBS forces them to update their password.
  3. Change password (for some ALCs): The Scheduler can change the password for any crew member, and the user can log in with the new password. Note: PBS does not advise the user to change the password. 0.


Acceptance Criteria:

GIVEN - a new Scheduler
WHEN - log in at the first time using the default password, which is their user ID
THEN - a new password will be required, consisting of at least eight characters, including one uppercase letter, one symbol, and one number.

   

GIVEN - an old Scheduler
WHEN - logging in with a password that was set up more than three months ago
THEN - a new password will be required, consisting of at least eight characters, including one uppercase letter, one symbol, and one number. 

 

GIVEN - a Scheduler (for some ALCs) can change the password for a crew member
WHEN - changing the password for a crew member in the crew tab
THEN - the password should consist of at least eight characters, including one uppercase letter, one symbol, and one number.

GIVEN - a Scheduler
WHEN - when use the functionality <<Forgot Password?>>
WHEN - the Scheduler receives the password consisting of at least eight characters, including one uppercase letter, one symbol, and one number
WHEN - the Scheduler uses the password to login
THEN - a new password will be required, consisting of at least eight characters, including one uppercase letter, one symbol, and one number. The password can not be the same as the previous three passwords.
 

S-89437 - COMMUNITY - WebApp: Password Security Enhancement

We have enhanced the security of the Scheduler password creation process by implementing mandatory password updates every three months where the new password can not be the same as any of the previous three passwords. In addition, the new password must meet the following criteria:
 

  • Minimum of eight characters 
  • Include at least one uppercase letter, one number, and one special character.

Note: The following characters are prohibited: '<', '>', '"', ''', '&', ';', '\', '*', ':'
 

Example: HoldenLM21!

These updates improve upon the previous password requirements by introducing stronger security measures.

 

Before the enhancement:

  1. Login:
    New Scheduler: the user can login with their employee ID as the password. Note: during the first login, PBS asks the user to update the password.
     Old Scheduler: the user is never asked to update the password
  2. Forgot password: a new password is sent to user's e-mail, and the user can use it to log in. Note: PBS does not ask the user to change the password.0.

 

After the enhancement:

  1. Login:
    New Scheduler: during the first log in with the user's employee ID as the password, the user is asked to update the password with the new password rules.
     Old Scheduler: the users is asked to update their password every three months. In this case, a pop up displays to ask the Scheduler to update the password. The new password can not be the same as the previous three passwords. 
  2. Forgot password: a new password consisting of the new password rules is sent to the user's email. When the user logs in with it, PBS forces them to update the password.0.


Acceptance Critieria:

GIVEN - a new Bidder
WHEN - log in at the first time using the default password, which is their user ID
THEN - a new password will be required, consisting of at least eight characters, including one uppercase letter, one symbol, and one number.
 

GIVEN - an old Bidder
WHEN - logging in with a password that was set up more than three months ago
THEN - a new password will be required, consisting of at least eight characters, including one uppercase letter, one symbol, and one number. The password can not be the same as the previous three passwords.

 
GIVEN - a Bidder
WHEN - when use the functionality <<Forgot Password?>>
WHEN - the Bidder receives the password which consists of at least eight characters, including one uppercase letter, one symbol, and one number
WHEN - the Bidder uses the password to login
THEN - a new password will be required, consisting of at least eight characters, including one uppercase letter, one symbol, and one number. The password can not be the same as the previous three passwords.

GIVEN  - a Bidder logged in WebApp

WHEN - when using change password

THEN -  the Bidder must enter a new password consisting of at least eight characters, including one uppercase letter, one symbol, and one number. The password can not be the same as the previous three passwords.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.