Managing Password Policies
ULTIMATE
Feature Deprecation
Please note that the Policies feature, including Password Policy configuration, was deprecated in qibb v1.43.0 and will be removed in qibb v1.45.0.
Functionality will be replaced by a custom configuration request via our service desk (Ultimate subscription required). Ultimate customers can request login and policy configuration through a support ticket. Otherwise, default configuration will apply based on industry best practices.
Admins can define custom password policies to enforce the usage of strong passwords for their users. Applying password policies is highly recommended to establish higher security and hinder identity theft.
Password Policy Options
The following table gives an overview of available Policy Types:
Policy Type | Description |
|---|---|
Digits | The minimum of digits required to be in the password string. |
Expire Password | The number of days until a password expires. After expiration, the user will be prompted to change the password. |
Hashing Algorithm | Passwords are encrypted at rest. The underlying hashing algorithm can be chosen here. |
Hashing Iterations | This value specifies the number of times a password will be hashed before it is stored or verified. |
Lower Characters | The number of lower case letters required to be in the password string. |
Not Recently Used | This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password they cannot use any stored passwords. |
Not Username | If enabled, the password is not allowed to be the same as the username. |
Special Characters | The number of special characters like '?!#%$' required to be in the password string. |
Uppercase Characters | The number of upper case letters required to be in the password string. |