Password Policy

During implementation, you set the password policy for the default user category. This topic describes the available options. To set the password policy, you perform the Manage Applications Security Preferences task, which opens the Administration page of the Security Console.

Click the User Categories tab and click the name of the default category to open it. Click Edit on the Password Policy subtab to edit the policy. You can change the password policy for any user category at any time.

Password Policy Options

This table describes the available options for setting password policy.

Password-Policy Option: Days Before Password Expiration

Description: Specifies the number of days for which a password remains valid. After this period, users must reset their passwords. By default, users whose passwords expire must follow the Forgot Password process.

Default Value: 90

Password-Policy Option: Days Before Password Expiry Warning

Description: Specifies when a user is notified that a password is about to expire. By default, users are prompted to sign in and change their passwords. This value must be equal to or less than the value of the Days Before Password Expiration option.

Default Value: 80

Note: This value is 10 for new installations from Update 18B.

Password-Policy Option: Hours Before Password Reset Token Expiration

Description: When users request a password reset, they're sent a password-reset link. This option specifies how long a password-reset link remains active. If the link expires before the password is reset, then the reset must be requested again. You can enter any value between 1 and 9999.

Default Value: 4

Password-Policy Option: Password Complexity

Description: Specifies whether passwords must be simple, complex, or very complex. Password validation rules identify passwords that fail the selected complexity test.

The following password complexity types are available:
  • Simple: Must contain at least 8 characters, 1 number. This is the default complexity type.
  • Complex: Must contain at least 8 characters, 1 uppercase, 1 number.
  • Very Complex: Must contain at least 8 characters, 1 uppercase, 1 number, 1 special character.
  • Custom: Provides the flexibility to specify a combination of parameters to define a custom password. By default, the parameters are populated with a predefined set of values to get you started.

    Note: For more information about defining a custom password, see the topic Configure a Custom Password Policy in the Related Topics section.

Default Value: Simple

Password-Policy Option: Disallow last password

Description: Select to ensure that the new password is different from the last password.

If the user requests a password reset by selecting Settings and Actions > Set Preferences > Password, then this option determines whether the last password can be reused. However, when a user's password expires, the user can reuse the last password. This option doesn't affect password reuse after expiry.

This option doesn't take effect the first time a password is reset if a user is moved from a user category that didn't have the Disallow last password option checked.

Default Value: No

Password-Policy Option: Administrator can manually reset password

Description: Passwords can be either generated automatically or reset manually by the IT Security Manager. Select this option to allow user passwords to be reset manually. All passwords, whether reset manually or generated automatically, must satisfy the current complexity rule.

Default Value: Yes

Note: Users are notified of password events only if appropriate notification templates are enabled for their user categories. The predefined notification templates for these events are Password Expiry Warning Template, Password Expiration Template, and Password Reset Template.
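
The constraints the options above place on each other, and on candidate passwords, can be checked offline when reviewing a planned policy. The following is an added example, not Oracle code: PasswordPolicy and its field names are hypothetical, the listed counts are read as minimums, "special character" is assumed to mean any non-alphanumeric character, and the Custom type isn't modeled.

```python
from dataclasses import dataclass

# Minimum requirements per complexity type, as listed for Password Complexity.
# Assumption: "special" means any non-alphanumeric character (not defined on the page).
COMPLEXITY_RULES = {
    "Simple":       {"length": 8, "digit": 1},
    "Complex":      {"length": 8, "digit": 1, "upper": 1},
    "Very Complex": {"length": 8, "digit": 1, "upper": 1, "special": 1},
}
COUNTERS = {
    "length": len,
    "digit": lambda p: sum(c.isdigit() for c in p),
    "upper": lambda p: sum(c.isupper() for c in p),
    "special": lambda p: sum(not c.isalnum() for c in p),
}

@dataclass
class PasswordPolicy:  # hypothetical model; field defaults are the documented defaults
    expiration_days: int = 90
    warning_days: int = 80
    reset_token_hours: int = 4
    complexity: str = "Simple"
    disallow_last_password: bool = False

    def config_errors(self):
        """Return violations of the constraints stated for the options."""
        errors = []
        if self.warning_days > self.expiration_days:
            errors.append("warning_days must be <= expiration_days")
        if not 1 <= self.reset_token_hours <= 9999:
            errors.append("reset_token_hours must be between 1 and 9999")
        if self.complexity not in COMPLEXITY_RULES:
            errors.append("unsupported complexity type (Custom is not modeled)")
        return errors

    def password_errors(self, new, last=None, after_expiry=False):
        """Check a candidate password against the selected complexity type."""
        rules = COMPLEXITY_RULES[self.complexity]
        errors = [f"needs at least {n} {kind}" for kind, n in rules.items()
                  if COUNTERS[kind](new) < n]
        # Reuse of the last password is blocked only on a user-requested
        # reset; the option doesn't affect reuse after expiry.
        # Plaintext comparison is a simplification for this model only.
        if self.disallow_last_password and not after_expiry and new == last:
            errors.append("must differ from last password")
        return errors
```

The after_expiry flag makes the documented gap visible: with Disallow last password selected, the same password is rejected on a user-requested reset but accepted after expiry.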