You can define the following rules on the Password Policypage:

• Password syntax
• Password expiration
• Password lockout
• Password history

PasswordSyntax

Use the following settings to define the minimumpassword length and the required characters:

Check Syntax

Select one of these options:

• Yes: You want to set up a minimum passwordlength and required characters.
• No: You do not want to set up rules forpassword length.

Min Length

Enter the minimum number of characters the password must contain.

Thereis no maximum password length.

Min Alpha Chars

Enter the minimum number of alphabetic characters (A-Z) thepassword must contain.

Min Numeric Chars

Enter the minimum number of numeric characters (0-9) the passwordmust contain.

Min Special Chars

Enterthe minimum number of special (non-alphanumeric) characters the passwordmust contain.

Users cannot use these special characters in theirpasswords:

• \ (backslash)
• " (quotation marks)
• < (less than sign)
• > (greater than sign)
• % (percent sign)
• # (pound sign)
• | (pipe)

PasswordExpiration

Use the following settings to define whetheruser passwords expire:

Expires

Select one of these options:

• Yes: You want user passwords to expire.
• No: User passwords do not expire.

Note: When you create or update a user profile you can set the ForcePassword Change On Next Logon field to Yes.The Force Password Change On Next Logon fieldis only displayed if you set Expires to Yes onthe Password Policy page.

Max Age

Enter the number of days the password is valid before it automaticallyexpires.

Do not set the maximum age to zero. That would forceusers to change their password every time they log on.

Warning Before Expire

Enter the number of days before the password expires that Sterling TMS displays awarning message to the user:

• The expiration message is displayed after the user logs on.
• The users can change their password on the Sterling TMS Options page.

PasswordLockout

You can lock out users if they enter incorrect credentialsfor a specified number of times:

Lockout

Select one of these options:

• Yes: You want to lock users out of Sterling TMS if they enteran incorrect user name or password a specified number of times.
• No: Users can try to log on as many timesas they want without having their account locked.

Failures Before Lockout

Specify how many times in a row the user can try to log onincorrectly before the system locks the user out of the system.

Afailed logon attempt consists of the user trying to enter an invaliduser name password or both.

Lockout Duration

Enter the number of minutes during which a user is locked outof the system after reaching the maximum number of consecutive failedlogon attempts (as defined in the Failures Before Lockout field).

Note: Thesystem ignores the Lockout Duration settingif you set the Unlock field to No.

Reset Failure

The system keeps track of how many times a user tries to logon incorrectly. Use Reset Failure to specifythe number of minutes after a user is locked out that the system setsthe user's logon failure count to 0.

This setting is designedto detect hackers who try to access the system by submitting manymultiple logon requests before and after the Lockout Duration period.

Ifyou set Reset Failure to 0the system resets the failure count the next time the user successfullylogs on.

Unlock

Specify whether the system will unlock a user's account afterthe Lockout Duration expires:

• Yes: When the Failures BeforeLockout count has been reached the system unlocks theuser account after the time specified in Lockout Duration.
• No: The user account stays locked untilan administrator resets the password.

PasswordHistory

Use the Number In History optionto specify the number of previous passwords (plus the current password)to store in history. A user cannot re-use a password that is storedin history.

This feature is designed to prevent users from re-usingtheir favorite passwords.

For example:

• You set the Number In History to 5.
• Sterling TMS savesthe current password and the previous five passwords.
• Users cannot change their password to be any of these six passwords.