Password Policy Configuration
Administrator permissions are required to access this feature.
Administrators can configure the following settings for user passwords:
Setting | Description | Value Options |
---|---|---|
Password Length | Specify the minimum number of characters required in user passwords. | Minimum: 8 characters Maximum: 100 characters |
Complexity Requirements | Specify the types of characters required in user passwords. When a character type is selected, user passwords must include at least 1 of that character type. | Uppercase letters Lowercase letters Numbers Symbols |
Maximum Age | Specify the number of days a password is valid. When a password reaches its maximum age, the user must reset their password. | Minimum: 1 day Maximum: None |
Password History | Specify the number of unique passwords a user must create before reusing a password. Requiring more unique passwords reduces risk. | Minimum: 1 unique password Maximum: 24 unique passwords |
To configure the password policy:
- In the lower-left corner of the main screen, click the Administration cog icon.
The Administration menu appears on the left side. - Under Access Control, click Password Policy.
The Password Policy page appears with the current settings. - On the upper-right side, click Edit Settings.
The Edit Password Policy dialog box appears. - In the Password Length field, specify the minimum number of characters required in user passwords.
Value Range: 8 - 100 characters. - Under Complexity Requirements, click the check box to the left of the character type to select it.
Character Types: Uppercase letters, lowercase letters, numbers, and symbols. - In the Maximum Age field, specify the number of days a password is valid.
Value Range: at least 1 day (no maximum value) - Scroll down to display the Password History field and specify the number of unique passwords required.
Value Range: 1 - 24 unique passwords Click Save to update the password policy. Click Cancel to revoke any changes.
Updated password policy requirements are effective immediately. However, existing user passwords that do not meet the new requirements remain valid. Users must meet the new requirements the next time they reset their password.