Password content controls

For your database user accounts, you can specify requirements such as length and character formats to ensure that your users select passwords that meet your security policies. The system calculates and enforces the strength of a password by using a credit-based algorithm that evaluates the complexity of the characters that are used in the password and its length.

To set the content requirements for passwords, use the SET SYSTEM DEFAULT SQL command as follows:
SYSTEM.ADMIN(ADMIN)=> SET SYSTEM DEFAULT PASSWORDPOLICY TO conf;
SET VARIABLE
The conf value is a string of parameters that specify the content requirements and restrictions:
minlen
Specifies the minimum length in characters (after the system deducts any credits) for a password. The default is the minimum value of 6; that is, even with credits, you cannot specify a password that is shorter than six characters. If you specify 10, for example, the user must specify at least nine lowercase characters (with the lowercase letter default credit of 1) to meet the minimum length criteria.
Note: There is a relationship between the minimum length of a password and its strength (that is, the use of mixed-case letters, digits, and non-alphanumeric characters that increase the complexity of the password string). If a user specifies only lowercase letters, which is considered a weak password, the minimum length of the password is minlen. If the user includes uppercase and lowercase letters, digits, and symbols, the minlen requirement can be reduced with credits for the number and type of those additional characters. You can also use the credit values to require the presence of a minimum number of characters of a given type in the password.
dcredit
Specifies the maximum credit for including digits in the password. The default is one credit; if you specify a credit of 3, for example, the user receives one credit per digit up to the maximum of three credits to reduce the minlen requirement. If you specify a negative value such as -2, your users must specify at least two digits in their password.
ucredit
Specifies the maximum credit for including uppercase letters in the password. The default is one credit; if you specify a credit of 2, for example, the user receives one credit per uppercase letter up to the maximum of two credits to reduce the minlen requirement. If you specify a negative value such as -1, your users must specify at least one uppercase letter in their password.
lcredit
Specifies the maximum credit for including lowercase letters in the password. The default is one credit; if you specify a credit of 2, for example, the user receives one credit per lowercase letter up to the maximum of two credits to reduce the minlen requirement. If you specify a negative value such as -1, your users must specify at least one lowercase letter in their password.
ocredit
Specifies the maximum credit for including non-alphanumeric characters (often referred to as symbols, such as #, &, or *) in the password. The default is one credit; if you specify a credit of 1, for example, the user receives one credit per non-alphanumeric character up to the maximum of one credit to reduce the minlen requirement. If you specify a negative value such as -2, your users must specify at least two non-alphanumeric characters in their password.
For example, the following command specifies that the minimum length of a weak password is 10, and it must contain at least one uppercase letter. The presence of at least one symbol or digit allows for a credit of 1 each to reduce the minimum length of the password:
SYSTEM.ADMIN(ADMIN)=> SET SYSTEM DEFAULT PASSWORDPOLICY TO 'minlen=10, lcredit=0 ucredit=-1 dcredit=-1 ocredit=1';
SET VARIABLE
As another example, the following command specifies that the minimum length of a weak password is 8, that it must contain at least two digits and one symbol, and that the presence of lowercase characters offers no credit to reduce the minimum password length:
SYSTEM.ADMIN(ADMIN)=> SET SYSTEM DEFAULT PASSWORDPOLICY TO 'minlen=8, lcredit=0 dcredit=-2 ocredit=-1';
SET VARIABLE
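
The following Python model is an added example, not the product's implementation or code from the original page. It evaluates a candidate password against a conf string using the credit rules as this page describes them, which is useful for reasoning about what a policy will accept before you set it. Assumptions: the function names are hypothetical, character classes are ASCII only, a negative credit value grants no credit, and the six-character floor applies to the raw password length.

```python
import re
import string

# Defaults stated on the page: minlen 6, one credit per character class.
DEFAULTS = {"minlen": 6, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}
ABSOLUTE_MIN = 6  # page: never shorter than six characters, even with credits
CLASSES = {  # credit parameter -> (label, character set); ASCII only (assumption)
    "dcredit": ("digit", string.digits),
    "ucredit": ("uppercase letter", string.ascii_uppercase),
    "lcredit": ("lowercase letter", string.ascii_lowercase),
}

def parse_policy(conf):
    """Parse a conf string such as 'minlen=10, lcredit=0 ucredit=-1'."""
    policy = dict(DEFAULTS)
    for key, value in re.findall(r"(\w+)\s*=\s*(-?\d+)", conf):
        if key not in DEFAULTS:
            raise ValueError(f"unknown parameter: {key}")
        policy[key] = int(value)
    return policy

def count_classes(password):
    """Count characters per class; anything unmatched counts toward ocredit."""
    counts = dict.fromkeys(DEFAULTS, 0)
    for ch in password:
        key = next((k for k, (_, chars) in CLASSES.items() if ch in chars), "ocredit")
        counts[key] += 1
    return counts

def check_password(password, conf):
    """Return (accepted, reasons) under this model of the credit rules."""
    policy, counts = parse_policy(conf), count_classes(password)
    labels = {**{k: label for k, (label, _) in CLASSES.items()}, "ocredit": "symbol"}
    reasons, credits = [], 0
    for key, label in labels.items():
        limit = policy[key]
        if limit < 0 and counts[key] < -limit:   # negative value: required minimum
            reasons.append(f"needs at least {-limit} {label}(s)")
        elif limit >= 0:                          # non-negative value: capped credit
            credits += min(counts[key], limit)
    if len(password) < ABSOLUTE_MIN:
        reasons.append(f"shorter than {ABSOLUTE_MIN} characters")
    if len(password) + credits < policy["minlen"]:
        reasons.append(f"length {len(password)} + {credits} credit(s) < minlen {policy['minlen']}")
    return (not reasons, reasons)
```

With minlen=10 and default credits, check_password("abcdefghi", "minlen=10") is accepted, matching the nine-lowercase-character case described under minlen.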