Password Policies
Each user in the system has a corresponding password, which can be changed. The system will require that new passwords comply with a Password Policy. By default, the policy is this:
Minimum number of uppercase characters: 1
Minimum number of lowercase characters: 1
Minimum number of numeric digits: 1
Minimum number of special characters: 1
Minimum password length: 16
Maximum password Length: 64
Password expiration duration: 90 days
Minimum age to reuse a password: 4 days
The password expiration duration indicates the time after which a password is created when it will become invalid. Users should change their passwords before this time expires.
Note
In addition to these adjustable settings, there are other checks. For example, having the password be the same as the user’s username or email address is not allowed.