Maximize reset password SMS complexity

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The password_reset.sms.default_complexity property controls the minimum required SMS code verification size required during password reset.

    If the password_reset.sms.default_complexity system property isn't set to the recommended value of 6 or greater, then a weak SMS validation token is used.

    Ensure the property password_reset.sms.default_complexity is set to 6 or more.

    More information

    Attribute Description
    Configuration name password_reset.sms.default_complexity
    Configuration type System Properties (/sys_properties_list.do)
    Data type Integer
    Recommended value 6 or higher
    Default value <none>
    Fallback value 4
    Category Authentication
    Security risk
    • Severity score:
    • CVSS rating:
    • Security risk details: This increases the possibility of token guessing which could lead to account takeover.
    Functional impact None
    Dependencies and prerequisites None