Password policies
A password policy defines the password strength rules that are used to determine whether a new password is valid.
A password strength rule is a rule to which a password must conform. For example, password strength rules might specify that the minimum number of characters of a password must be 5. The rule might also specify that the maximum number of characters must be 10.
A password policy sets the rules that passwords for a service must meet, such as length and the types of characters allowed and disallowed. Additionally, the password policy might specify that an entry is disallowed if the term is in a dictionary of unwanted terms. To select this option in the user interface, you must first load a dictionary.ldif file into IBM Verify Identity Governance.
You can specify the following standards and other rules for passwords:
- Minimum and maximum length
- Character restrictions
- Frequency of password reuse
- Disallowed user names or user IDs
- Minimum password age
- If password synchronization is enabled, the administrator must ensure that password policies do not have any conflicting password strength rules. When password synchronization is enabled, Identity Manager combines the policies for all accounts that are owned by the user to determine the password to be used. If conflicts between password policies occur, the password might not be set.
You might need to coordinate the password strength rules for the services. The first password strength rule might specify a minimum number of eight characters. Another password strength rule might specify a maximum number of six characters for a password. You must resolve such conflicts to enable a user to log on successfully.
- Some sites with a service such as AIX® might require longer passwords for users who have root authority. You might set a value for the minimum length of a password that is shorter than the default minimum length on the AIX server. The shorter value might cause some users with root authority to enter a password that is shorter than required, causing authentication failure.
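The following Python example is added here to illustrate both the list of password strength rules above and the conflict handling described for password synchronization; it is not code from IBM Verify Identity Governance, and the policy field names, the in-memory dictionary set (standing in for a loaded dictionary.ldif) and the sample policies are all constructed for the example. It merges the policies of every account a user owns into the strictest single policy, reports rules that cannot be satisfied together (such as a minimum length of eight combined with a maximum of six), and then checks a candidate password against the merged policy.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass
class PasswordPolicy:
    """One service's password strength rules (hypothetical field names)."""
    name: str
    min_length: Optional[int] = None   # None means the policy has no such rule
    max_length: Optional[int] = None
    min_alpha: int = 0                 # alphabetic characters required
    min_numeric: int = 0               # digits required
    history_size: int = 0              # previous passwords that may not be reused
    min_age_days: int = 0              # days that must pass before a change is allowed
    disallow_user_id: bool = False     # password may not contain the user ID
    use_dictionary: bool = False       # password may not be in the unwanted-terms dictionary


def combine_policies(policies: Iterable[PasswordPolicy]) -> Tuple[PasswordPolicy, List[str]]:
    """Merge the policies of all accounts a user owns into the strictest single
    policy, as password synchronization requires, and list any conflicts that
    make the merged policy unsatisfiable."""
    merged = PasswordPolicy(name="combined")
    for p in policies:
        if p.min_length is not None:                     # strictest minimum wins
            merged.min_length = max(merged.min_length or 0, p.min_length)
        if p.max_length is not None:                     # strictest maximum wins
            merged.max_length = (p.max_length if merged.max_length is None
                                 else min(merged.max_length, p.max_length))
        merged.min_alpha = max(merged.min_alpha, p.min_alpha)
        merged.min_numeric = max(merged.min_numeric, p.min_numeric)
        merged.history_size = max(merged.history_size, p.history_size)
        merged.min_age_days = max(merged.min_age_days, p.min_age_days)
        merged.disallow_user_id = merged.disallow_user_id or p.disallow_user_id
        merged.use_dictionary = merged.use_dictionary or p.use_dictionary

    conflicts: List[str] = []
    if (merged.min_length is not None and merged.max_length is not None
            and merged.min_length > merged.max_length):
        conflicts.append(f"minimum length {merged.min_length} exceeds "
                         f"maximum length {merged.max_length}")
    if (merged.max_length is not None
            and merged.min_alpha + merged.min_numeric > merged.max_length):
        conflicts.append("required character counts exceed maximum length")
    return merged, conflicts


def validate_password(password: str, policy: PasswordPolicy, user_id: str,
                      dictionary: Set[str], history: List[str],
                      days_since_change: int) -> List[str]:
    """Return the rules the candidate password violates; an empty list means valid.
    The history is compared in plaintext only to keep the example self-contained;
    a real password store compares salted hashes."""
    problems: List[str] = []
    if policy.min_length is not None and len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length}")
    if policy.max_length is not None and len(password) > policy.max_length:
        problems.append(f"longer than {policy.max_length}")
    if sum(c.isalpha() for c in password) < policy.min_alpha:
        problems.append(f"fewer than {policy.min_alpha} letters")
    if sum(c.isdigit() for c in password) < policy.min_numeric:
        problems.append(f"fewer than {policy.min_numeric} digits")
    if policy.disallow_user_id and user_id.lower() in password.lower():
        problems.append("contains user ID")
    if policy.use_dictionary and password.lower() in dictionary:
        problems.append("in dictionary of unwanted terms")
    if policy.history_size and password in history[-policy.history_size:]:
        problems.append(f"reused within last {policy.history_size} passwords")
    if days_since_change < policy.min_age_days:
        problems.append(f"minimum age of {policy.min_age_days} days not reached")
    return problems


if __name__ == "__main__":
    # Constructed sample policies for two services owned by the same user.
    ldap = PasswordPolicy("ldap", min_length=8, min_numeric=1, history_size=3,
                          min_age_days=1, disallow_user_id=True, use_dictionary=True)
    aix = PasswordPolicy("aix", min_length=8, max_length=12, min_alpha=2)
    legacy = PasswordPolicy("legacy", max_length=6)   # conflicts with the others

    merged, conflicts = combine_policies([ldap, aix])
    print("merged:", merged, "conflicts:", conflicts)
    print("with legacy:", combine_policies([ldap, aix, legacy])[1])

    unwanted = {"password", "welcome1"}              # stands in for dictionary.ldif
    for candidate in ("Welcome1", "jdoe1234", "Tr0ub4dor"):
        print(candidate, validate_password(candidate, merged, "jdoe", unwanted, [], 5))
```

Resolving a reported conflict means editing one of the service policies, not the merged result: the merge only surfaces which rules cannot hold at once so the administrator can fix them before a user's synchronized password change fails.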