Password Policies

Each user in the system has a corresponding password, which can be changed. The system will require that new passwords comply with a Password Policy. By default, the policy is this:

  • Minimum number of uppercase characters: 1

  • Minimum number of lowercase characters: 1

  • Minimum number of numeric digits: 1

  • Minimum number of special characters: 1

  • Minimum password length: 16

  • Maximum password Length: 64

  • Password expiration duration: 90 days

  • Minimum age to reuse a password: 4 days

The password expiration duration indicates the time after which a password is created when it will become invalid. Users should change their passwords before this time expires.

Note

In addition to these adjustable settings, there are other checks. For example, having the password be the same as the user’s username or email address is not allowed.

See Also