Password policy
Administrators can update or delete the existing password policy, create new password policies, and assign a specific password policy to a user on the Manage Users console page, or by using REST API endpoints.
Default console password policy support
The principles in a password policy are enforced for different user roles as shown in the following Table:
| Console password policy principle | Setting |
|---|---|
| Password expiration date | N Password expiration is not enabled by default in the default password policy. |
| Password minimum length | Minimum fifteen characters At least one uppercase letter, one lowercase letter, one number, and one special character. |
| Failed login attempts before account lockout | 5 |
| Account lockout duration | 30 minutes |
| Password history |
Previously used passwords are stored to prevent reuse. By default, the policy retains a history of the last 5 passwords |
Note: The table above shows the settings for the default password policy. Custom policies may be
configured differently as needed.
Forgotten password support
For non-Entry plans, you can use your user ID and email address to reset a forgotten password.
You can also use the
/auth/reset REST API to reset the password. The reset
instruction is sent to your email address and is valid for 24 hours. Note: You can reset your
password only one time within a 24 hour period.
REST API
To use REST API endpoints to change password policies, see: Db2 Warehouse as a Service API