Managing Password Policies

Overview of Password Policies

Effectively managing user passwords can help you reduce the risk of security breaches that compromise the integrity of your user accounts. You can set parameters for your password policy to enforce the use of “strong” passwords that decrease the risk of security breaches by safeguarding user account access and information.

Set a password policy

1         Go to Administration > Password Policy.

2         On the Password Policies page, click Create Policy.  

3         On the Add New Password Policy page, configure the policy as needed:

        Password Policy Name: Assign the policy a unique descriptive name for easy reference later.

        Maximum Password Age: Type the length of time in days that the password will remain valid.

When this point is reached, the password will expire.

        User Notice Period: Type how many days after the password is set (or changed) that the user should be prompted (on logging in) to change the password.

        Password does not expire: Check this box if the password will not expire.

        Password History: Specify the number of prior passwords to keep on record in the system.

        Account Lockout Threshold: Specify how many invalid login attempts users will be allowed before the account is locked.

        Minimum Password Length: Type the minimum number of characters the password can contain.

        Maximum Password Length: Type the maximum number of characters the password must contain.

        Uppercase: Specify the policy for uppercase letters:

        If you leave the field blank, passwords can contain 0, 1, or more uppercase letters.

        If you specify a value of 0, passwords cannot contain any uppercase letters.

        If you specify a non-zero value (i.e., 1, 2, etc.), the password must contain at least that many uppercase characters.

        Lowercase: Specify the policy for lowercase letters:

        If you leave the field blank, passwords can contain 0, 1, or more lowercase letters.

        If you specify a value of 0, passwords cannot contain any lowercase letters.

        If you specify a non-zero value (i.e., 1, 2, etc.), the password must contain at least that many lowercase letters.

        Numeric Characters: Specify the policy for numeric characters:

        If you leave the field blank, passwords can contain 0, 1, or more numeric characters.

        If you specify a value of 0, passwords cannot contain any numeric characters.

        If you specify a non-zero value (i.e., 1, 2, etc.), the password must contain at least that many numeric characters.

        Special Characters: Specify the policy for special characters (e.g., -,@,!,%, ,*) :

        If you leave the field blank, passwords can contain 0, 1, or more special characters.

        If you specify a value of 0, passwords cannot contain any special characters.

        If you specify a non-zero value (i.e., 1, 2, etc.), the password must contain at least that many special characters.

        User ID Allowed to be part of password: Check this box if the username (ID) can be included in the password.

        Name Allowed to be part of password: Check this box if the user’s first and/or last name can be included in the password.

4         Click Save.

See Also

        Registration Settings

        Managing Users