Managing password policies

Edit online

A password policy is a set of rules designed based on your organization's security requirements to enhance computer security by encouraging users to employ strong passwords and use them properly. You can add multiple password policies for the different users and, if required make the changes in existing password policy.

About this task

When you change the password policy, the updates take effect immediately. So next time you reset a user password or when users change their passwords, the passwords must be compliant with the new policy.

Procedure

  1. Log in as administrator on Verify.
  2. Select Security > Password management.
  3. Select Create policy.
  4. Under general settings section, specify Password policy name and Description as an optional procedure.
  5. Select Next.
  6. Specify following Password Strength details:
    Parameters Description
    Passwords minimum character length Set the minimum mandatory length for a password. The default minimum mandatory number of characters for a password is eight. Increasing the number of mandatory characters increases the strength of the passwords.
    Require alphabetic characters
    • Select the Require alphabetic character checkbox and set the minimum number of alphabetic characters that are required for a password.
    • Set the minimum number of lowercase characters.
    • Set the minimum number of uppercase characters.
    Note: The total of the minimum number of upper and lowercase character requirements cannot exceed the setting for the minimum alphabetic characters for a valid password.
    Require numeric and special characters
    • Select the Require numeric and special characters checkbox and set the minimum number of numeric and special characters for a password.
    • Set the minimum number of numerical characters.
    • Set the minimum number of special characters.
    Note: The total of the minimum number of numerical and special character requirements cannot exceed the setting for the minimum required numerical and special characters for a valid password.
    Limit consecutive repeated characters Select the Limit consecutive repeated characters checkbox and set the maximum number of consecutive repeated characters. The default number is two.
    Note: The total of the minimum number of character requirements cannot exceed the setting for the minimum character length of a valid password.
  7. Select Next.
  8. Specify following Password Security details:
    Parameters Description
    Set maximum password age Select the Set maximum password age checkbox and set the maximum number of days for password expiration. The default maximum password expiry number is 90 days.
    Set minimum password age Select the Set minimum password age checkbox and set the minimum age for password expiration. The default minimum password expiry age is 30 hours.
    Disallow reuse of passwords Select the Disallow reuse of passwords checkbox to prohibit users from reusing the passwords. This will also allow to set the number of attempts after which the user can reuse the password.
    Lock account after failed login
    • Password lockout duration (in minutes). Set the account lockout duration before the next attempt so that another password can be submitted for authentication. The default lockout duration is 10 minutes.
    • Number of attempts allowed. Set the number of consecutive failed attempts that lock the account. By default, the allowed attempts are 05.
  9. Select Create policy. The new password policy is reflected in the list.
  10. Optional: Select the password policy list to perform following operations:
    1. Select View settings icon to edit the password policy, make necessary changes, and select Save changes.
    2. Select Delete icon to permanently remove the respective password policy.
    Note: The password policy cannot be deleted if it is assigned to any other identity source such as Cloud Directory.