Maximize reset password SMS complexity [Updated in Security Center 1.3]
The password_reset.sms.default_complexity property controls the minimum required SMS code verification size required during password reset.
More information
| Attribute | Description |
|---|---|
| Property name | password_reset.sms.default_complexity |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Authentication |
| Purpose | Denotes the SMS code verification size required during password reset. |
| Recommended value | 6 |
| Default value | 4 |
| Configuration type | Integer value greater than zero |
| Security risk | (Low) If the property is not set to the recommended value, then a weak SMS validation token is used. This increases the possibility of token guessing which could lead to account takeover. |
| Security risk rating | 3.8 |
To learn more about adding or creating a system property, see Add a system property.