Configuring system authentication

You can configure local authentication on your IBM QRadar system. You can specify length, complexity, and expiry requirements for local passwords.

About this task

The local authentication password policy applies to local passwords for administrative users. The policy also applies to non-administrative users if no external authentication is configured.

When the local authentication password policy is updated, users are prompted to change their password if they log in with a password that does not meet the new requirements.

Procedure

  1. On the Admin tab, click Authentication.
  2. Click Authentication Module Settings.
  3. Optional: From the Authentication Module list, select System Authentication.

    System authentication is the default authentication module. If you change from another authentication module, then you must deploy QRadar before you do the next steps.

  4. Click Save Authentication Module.
  5. Click Home.
  6. Click Local Password Policy Configuration.
  7. Select the password complexity settings for local authentication.
    Learn more about password complexity settings:
    Table 1. Password Complexity settings

    Password complexity setting

    Description
    Minimum Password Length

    Specifies the minimum number of characters that must be in a password.

    Important: To provide adequate security, passwords should contain at least 8 characters.
    Use Complexity Rules Requires that passwords meet a number of complexity rules, such as containing uppercase characters, lowercase characters, special characters, or numbers.
    Number of rules required

    The number of complexity rules that individual passwords must meet. Must be between one and the number of enabled complexity rules. For example, if all four complexity rules are enabled and individual passwords must meet any three of them, then enter 3.
    Contain an uppercase character

    Requires that passwords contain at least one uppercase character.
    Contain a lowercase character

    Requires that passwords contain at least one lowercase character.
    Contain a digit

    Requires that passwords contain at least one number.
    Contain a special character

    Requires that passwords contain at least one space or other character that is not a letter or number (for example, "$%&'()*,-./:;<=>?@[\]_`|~).
    Not contain repeating characters

    Disallows more than two repeating characters. For example, abbc is allowed but abbbc is not allowed.
    Password History

    Prevents passwords from being reused for a number of days. The number of days is calculated by Unique password count multiplied by Days before password will expire.
    Unique password count

    This parameter displays when Password History is selected. The number of password changes before a previous password can be reused.
    Days before password will expire

    This parameter displays when Password History is selected. The number of days before a password must be changed.
  8. Click Update Password Policy.