Password Policy
During implementation, you set the password policy for the default user category. This topic describes the available options. To set the password policy, you perform the Manage Applications Security Preferences task, which opens the Administration page of the Security Console.
Click the User Categories tab and click the name of the default category to open it. Click Edit on the Password Policy subtab to edit the policy. You can change the password policy for any user category at any time.
Password Policy Options
This table describes the available options for setting password policy.
Password-Policy Option |
Description |
Default Value |
---|---|---|
Days Before Password Expiration |
Specifies the number of days for which a password remains valid. After this period, users must reset their passwords. By default, users whose passwords expire must follow the Forgot Password process. |
90 |
Days Before Password Expiry Warning |
Specifies when a user is notified that a password is about to expire. By default, users are prompted to sign in and change their passwords. This value must be equal to or less than the value of the Days Before Password Expiration option. |
80 Note: This value is 10 for new installations from Update
18B.
|
Hours Before Password Reset Token Expiration |
When users request a password reset, they're sent a password-reset link. This option specifies how long a reset-password link remains active. If the link expires before the password is reset, then reset must be requested again. You can enter any value between 1 and 9999. |
4 |
Password Complexity |
Specifies whether passwords must be simple, complex, or very complex. Password validation rules identify passwords that fail the selected complexity test. The following password complexity types are available:
|
Simple |
Disallow last password |
Select to ensure that the new password is different from the last password. If the user requests password reset by selecting , then this option determines whether the last password can be reused. However, when a user's password expires, the user can reuse the last password. This option doesn't affect password reuse after expiry.This option doesn't take affect the first time a password is reset if a user is moved from a user category that didn’t have the Disallow last password option checked. |
No |
Administrator can manually reset password |
Passwords can be either generated automatically or reset manually by the IT Security Manager. Select this option to allow user passwords to be reset manually. All passwords, whether reset manually or generated automatically, must satisfy the current complexity rule. |
Yes |