Password policy
With password policy support, system administrators can set security requirements that are related to password creation and expiration, timeout for inactivity, and actions after failed logon attempts.
Password policy support allows administrators to set
security rules that are based on their organization's security guidelines and restrictions. The
system supports the following password and security-related rules with this support.
- Content
- The administrator can set and manage the following rules for all passwords that are created on
the system:
- Specify password length requirements for all users.
- Require passwords to use uppercase and lowercase characters.
- Require passwords to contain special characters and numbers.
- Prevent users from reusing recent passwords. This parameter is not supported on FlashSystem 5015, FlashSystem 5035, and FlashSystem 5045.
- Require users to change password on the next login under any of these conditions:
- The password expired.
- The administrator created new accounts with temporary passwords.
- Expiration and lockout
- The administrator can create the following rules for password expiration:
- Set a password expiration limit.
- Set a password to expire immediately.
- Set a number of failed login attempts before the account is locked.
- Set a time period before locked accounts can be used.
- Automatic log out for inactivity.
- Locking the superuser account access.Note: Systems that support a dedicated technician port can lock the superuser account. The superuser account is the default user that can complete installation, initial configuration, and other service-related actions on the system. If the superuser account is locked, service tasks cannot be completed. You can configure users to automatically get locked out when they fail the password policy. For more information, see Locking user accounts. By default, user account locking is enabled for all users except the superuser. If a user fails to meet the password policy requirements, their account is automatically locked for 24 hours. You can configure user locking settings to alter the response in case user fails password policy.Important: When upgrading from a previous release, the existing user locking settings are retained. If user locking was disabled in the previous release, it will remain disabled after the upgrade. An event will be raised notifying administrator to recommend appropriate action to enable user locking.
- Expire all passwords and require you to create a new password on the next login.