EFDE Policy

[Mr.Gains 4]

In the EFDE policy we have total recovery password uses, and the recovery password reset when it reaches a number of uses left. The issue I see with this is that the user can reuse the same recovery password until they reach the auto-generate new password in policy, could we have this to where it could generate a new password after a number of use? For example in policy there's 20 recovery password uses, and it'll auto-generate a new recovery after every 2 recovery password used, and it'll warn the user when there's 4 total recovery password uses available before recovery data needs to be done. Another thing in entering incorrect password at the EFDE login screen, sometimes I get more attempts than I'm allowed and/or system reboot after 3 times. I'm thinking there's a bug in the password attempts, but it would nice for users to see how many more attempts until the current password is disabled.

Thanks,

[Rendekovic 13]

Hello @Mr.Gains, thank you for your post,

to resolve the issue you describe (I believe I understood correctly) I suggest to do the following in an EFDE Policy:

• set "Maximum uses" under "Recovery Password Uses" to 2 AND
• "Automatically generate new recovery password" under "Recovery Password Uses" to YES AND
• "Generate when (uses remain)" under "Recovery Password Uses" to 1

This way you will restrict use of one recovery password to 2 uses, and after the 1st use a new one will be generated and will become a valid recovery password AFTER EFDE connects with ESMC.

 

With more attempts than set in a policy, it sounds like a bug. Could you please raise a tech. support ticket for this issue? we will investigate

 

Edited July 15, 2020 by Rendekovic