These changes are a result of PCI requirement 11.3. See section 11.3.a on page 18 of the PCI PA-DSS Requirements and Security Assessment Procedures v1.2. Therefore, the password requirements cannot be changed or removed.
The new requirements:
- New passwords must be between 8 and 10 characters, consist of numbers and letters, and must contain at least 1 capital letter.
- Users will be unable to re-use their previous 4 passwords.
- Existing passwords from version 7.85 and below must be entered using all capital letters after upgrading to version 7.91 and above. This applies to the 1st time a user logs into version 7.91 and above. The first time any users logs in they must enter their password in all capital letters (e.g., ADMIN1 instead of admin1). After logging in with the password using all capital letters, we recommend users immediately change their password by going to Edit, Change Password. Please share this information with all users at your organization to ensure they are able to successfully log into the database.
- These password changes do not apply to Windows Authentication
- If you are in the Blackbaud Hosting Services environment, your Hosting passwords will not be affected by this change. These password changes are specific to The Raiser's Edge application only.