2.2.1.8 Passwords

Password configuration, such as setting passwords, password history rules, and password expiration, occurs in Administration. The application provides two options to set the passwords:

The user interface provides two forms of password expiration. The administrative user can configure password expiration on a system-wide basis. By default, password expiration occurs after 90 days. The administrative user can also disable the password expiration function. For procedural information on configuring password expiration, see Configuring the expiration of a password.

Password expiration is also forced the first time that a user logs in to the user interface. During initial user account setup, the administrative user grants the user a temporary password. When the user attempts to log in for the first time, the software forces the user to change the password. The user is redirected to page where the user must enter the old password and then enter a new valid password twice.

A valid password:

  • Must contain minimum 8 to 16 characters.
  • Must contain minimum three of the four types of following characters: numerics, lower case letters, upper case letters, or special characters (! @ # $ % ^ & * ? ~).
  • The password cannot be the same as the username or include the username in any part of it. For example, Username=jsmith and password=$@jsmithJS would be invalid.
  • cannot be the inverse of the Username (for example, Username=jsmith and password=$@htimsj would be invalid).
  • There cannot be three or more consecutively repeated characters, or three or more ascending or descending alpha-numeric characters in a row. For example, 1234, aaaa, dcba.
  • The last three passwords cannot be reused..