Managing Password Policies
Admins can define custom password policies to enforce the usage of strong passwords for their users. Applying password policies is highly recommended to establish higher security and hinder identity theft.
Configuring the Password Policy
As an admin, you can configure the password policy, which is used for the validation of password-based logins.
To configure the Password Policy, perform the following steps:
Navigate to the Policies page. It should load the Password tab.
Click on the Edit button in the Actions column to change the desired policy.
A dialog will appear. Apply the desired changes and click on the Confirm Button.
Note that the policy will be only applied if it is Enabled state.
Password Policy Options
The following table gives an overview of available Policy Types:
The minimum of digits required to be in the password string.
The number of days until a password expires. After expiration, the user will be prompted to change the password.
Passwords are encrypted at rest. The underlying hashing algorithm can be chosen here.
This value specifies the number of times a password will be hashed before it is stored or verified.
The number of lower case letters required to be in the password string.
Not Recently Used
This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password they cannot use any stored passwords.
If enabled, the password is not allowed to be the same as the username.
The number of special characters like '?!#%$' required to be in the password string.
The number of upper case letters required to be in the password string.