Considerations for changing QPWDLVL from 2 to 3

After running the system at QPWDLVL 2 for some period of time, you can consider moving to QPWDLVL 3 to improve the password security protection.

At QPWDLVL 3, all password level 0 and 1 passwords are cleared. The administrator can use the DSPAUTUSR command, the PRTUSRPRF TYPE(*PWDLVL) command, or the QSYS2.USER_INFO view to locate user profiles which don't have password level 2 or 3 passwords associated with them.

A change to the QPWDLVL system value takes effect at the next IPL. To see the current and pending password level values, use the Display Security Attributes (DSPSECA) command.