Password policy

Administrators can update or delete the existing password policy, create new password policies, and assign a specific password policy to a user on the Manage Users console page, or by using REST API endpoints.

Default console password policy support

The principles in a password policy are enforced for different user roles as shown in the following Table:

Table 1. Default Console password policy
Console password policy principle Setting
Password expiration date N

Password expiration is not enabled by default in the default password policy.

Password minimum length Minimum fifteen characters

At least one uppercase letter, one lowercase letter, one number, and one special character.

Failed login attempts before account lockout 5
Account lockout duration 30 minutes
Password history

Previously used passwords are stored to prevent reuse. By default, the policy retains a history of the last 5 passwords

Note: The table above shows the settings for the default password policy. Custom policies may be configured differently as needed.

Forgotten password support

For non-Entry plans, you can use your user ID and email address to reset a forgotten password. You can also use the /auth/reset REST API to reset the password. The reset instruction is sent to your email address and is valid for 24 hours.
Note: You can reset your password only one time within a 24 hour period.

REST API

To use REST API endpoints to change password policies, see: Db2 Warehouse as a Service API