Password policy

With password policy support, system administrators can set security requirements that are related to password creation and expiration, timeout for inactivity, and actions after failed logon attempts.

Password policy support allows administrators to set security rules that are based on their organization's security guidelines and restrictions. The system supports the following password and security-related rules with this support.
Password creation rules
Administrator can set and manage the following rules for all passwords that are created on the system:
  • Specify password length requirements for all users.
  • Require passwords to use uppercase and lowercase characters.
  • Require passwords to contain special characters.
  • Prevent users from reusing recent passwords.
  • Require users to change password on next login under any of these conditions:
    • Their password expired.
    • An administrator created new accounts with temporary passwords.
Password expiration and rules for locking accounts
The administrator can create the following rules for password expiration:
  • Set password expiration limit.
  • Set a password to expire immediately.
  • Set number of failed login attempts before the account is locked.
  • Set time for locked accounts.
  • Automatic log out for inactivity.
  • Locking superuser account access.
    Note: Systems that support a dedicated technician port can lock the superuser account. The superuser account is the default user that can complete installation, initial configuration, and other service-related actions on the system. If the superuser account is locked, service tasks cannot be completed.You can configure users to automatically get locked out when they fail the password policy. For more information, see Locking user accounts.