Password Policy Overview
The Password Policy page contains settings that are used to determine the validity of a password that is being created or set. The options are grouped into the following categories:
- Length Requirements
- Content Restrictions
- Password History
- User Interaction
These settings will only be used to check the validity of new or changed passwords. They will not affect existing passwords.
Enable Password Expiration
If this option is checked, users will be required to change their password periodically based on the Duration setting. If this option is not checked, the Duration setting has no effect.
Duration
The number of days (24-hour periods) for which an expiring password is valid. If password expiration is enabled, this period is measured from the time the user’s password was last changed. This is enforced at login time.
A new or changed password must contain at least this many characters. The minimum length must be at least as long as the sum of all of the other minimum password length requirements (i.e., lowercase, uppercase, numeric, and special). A password cannot be blank, so the minimum length will be one character. A setting of 0 (zero) is equivalent to a setting of 1.
Minimum Number of Lowercase Characters
New or changed passwords must contain at least this many lowercase characters.
Minimum Number of Uppercase Characters
New or changed passwords must contain at least this many uppercase characters.
Minimum Number of Numeric Characters
New or changed passwords must contain at least this many numeric characters.
Minimum Number of Special Characters
New or changed passwords must contain at least this many special characters as defined in the Special Characters setting.
Special Characters
This is a list of the special (non-numeric, non-alphabetic, non-blank) characters that are counted when determining the minimum number of special characters in a password.
Not Allowed Characters
This is a list of characters that will not be allowed as part of a password. This is typically used to exclude characters that are easily confused because they look similar, such as 0 (zero) and O (capital letter ‘o’).
Not Allowed Words
This is a list of words that are not allowed as part of a password. Use commas to separate words in the list. The test for inclusion of these words within a password is case-insensitive. The maximum length of the entire list of words is 1024 characters.
Password History Count
This setting is the number of a user’s previous (non-temporary) passwords that they will not be allowed to reuse when their password is changed. The maximum value for this setting is 10. Set this value to 0 (zero) to disable this feature. If a User Administrator sets a user’s password and marks it as temporary, then the password history check (as well as any other current password policy setting such as length requirements or content restrictions) will not be enforced for that password. Temporary passwords are not saved in the password history list.
Maximum Login Failures
The number of login failures allowed for a user account after which they will be required to enter a Captcha code as well as their correct password in order to log in. If this is set to 0 (zero), a Captcha code is always required.
Enable Password Reset
If this option is checked, users will be able to request an email containing a link that allows them to reset their password. Passwords changed by users must comply with all password policy settings.
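The length, content and history rules described on this page can be expressed as a validator; the following is an added example, not the product's own code. The field and function names are hypothetical, and two behaviours are assumptions the page does not state: history is held as salted PBKDF2 digests rather than plaintext, and a blank password is rejected even when marked temporary.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical field names for the settings described on this page
    min_length: int = 0
    min_lower: int = 0
    min_upper: int = 0
    min_numeric: int = 0
    min_special: int = 0
    special_chars: str = ""
    not_allowed_chars: str = ""
    not_allowed_words: str = ""   # comma-separated
    history_count: int = 0        # 0 disables the history check

def config_errors(p):
    """Problems in the policy itself, found before any password is tested."""
    errs = []
    if max(1, p.min_length) < p.min_lower + p.min_upper + p.min_numeric + p.min_special:
        errs.append("minimum length is below the sum of the class minimums")
    if len(p.not_allowed_words) > 1024:
        errs.append("not-allowed word list is longer than 1024 characters")
    if not 0 <= p.history_count <= 10:
        errs.append("history count must be between 0 and 10")
    return errs

def history_entry(password, salt=None):  # salted PBKDF2 digest (assumed storage form)
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def password_errors(p, password, history=(), temporary=False):
    """Reasons a new or changed password is rejected; an empty list means valid."""
    if not password:
        return ["blank password"]  # assumed to hold for temporary passwords too
    if temporary:
        return []                  # administrator-set temporary password: policy not enforced
    errs = ["too short"] if len(password) < max(1, p.min_length) else []  # 0 acts as 1
    classes = [("lowercase", str.islower, p.min_lower), ("uppercase", str.isupper, p.min_upper),
               ("numeric", str.isdigit, p.min_numeric),
               ("special", lambda c: c in p.special_chars, p.min_special)]
    errs += [f"too few {n} characters" for n, ok, need in classes if sum(map(ok, password)) < need]
    if any(c in p.not_allowed_chars for c in password):
        errs.append("contains a not-allowed character")
    words = [w.strip().lower() for w in p.not_allowed_words.split(",") if w.strip()]
    if any(w in password.lower() for w in words):
        errs.append("contains a not-allowed word")
    recent = list(history)[-p.history_count:] if p.history_count else []
    if any(hmac.compare_digest(history_entry(password, s)[1], d) for s, d in recent):
        errs.append("matches a recent password")
    return errs
```

Running `config_errors` when the policy is saved catches a minimum length that is smaller than the sum of the character-class minimums, which the page requires but which is easy to misconfigure.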