Set the Password Policy

You can specify the password policy to require stronger passwords or periodic password changes.

  1. In the Administration section of the navigation bar, click Manage Users.

  1. Click configure the password policy.

    There are two sections to the page. First, you will configure basic parameters, and then you will have an option to select Simple Configuration or Advanced Configuration parameters.

    1. Enter the Minimum Password Length: The minimum number of characters that the password must contain in the field. Typically, passwords must contain a minimum of 8 characters for an installation to be considered secure.

    2. Enter the Maximum Password Age: To require that passwords be changed periodically, specify the time in any combination seconds, minutes, hours, days, weeks, or months. For example, “14 days” or “4 weeks, 3 days.” Leave this field empty if you do not want to force users to change their passwords.

    3. Enter the Number of Passwords to Save: To prevent users from reusing passwords by specifying how many different passwords are saved for each user. To prevent the new password from being the same as the current password and the immediate previous password, set this to 2.

    4. Configuration options: Select either option to display the configurable fields.

      Option 1: Simple Configuration

      Password requirements enable you to specify the minimum number of upper-case and lower-case letters, numbers, and punctuation characters that a password must contain. Enter the number of characters required for Lowercase Letters, Uppercase Letters, Punctuation, Characters, and Digits. Punctuation characters include the following characters: !"#$%&'()*+,-./:;?@[\\\]_`{|}~.

      Option 2: Advanced Configuration

      Click add a requirement to display additional fields. You can specify a regular expression (for example, [A-Za-z0-9] in the Pattern field, and then enter a Message to be displayed when the user attempts to create a password that does not meet that pattern. Passwords are accepted only if they match all required patterns.

  1. Click Save Password Policy.

    Existing users will be required to change their passwords to comply with the new policy the next time they log on to the Validation Responder Appliance Management Console.