Configure Password Options
An Administrator can set restrictions on passwords.
NOTE: Changes made to password settings affect passwords that are added and updated after the settings have been updated. Passwords created before the settings were updated are not affected.
NOTE: An Administrator can also prevent users from updating their passwords to specific words or numbers, e.g., “1234” or “password.” Refer to Set Forbidden Passwords for more information.
The following settings are available on the Parameters page Security Settings tab.
- Maximum Password Age - Sets the number of days before user account passwords expire. Once expired, users are required to reset their password. Enter 0 for the password to never expire. Default value is 30 days.
- Min Password Length - Sets the minimum password length for new or changed passwords. Zero allows any password length. Default value is 0.
- Password Require Alpha - Sets the requirement that users' passwords must contain at least one alpha character (A-Z or a-z).
- Password Require Numeric - Sets the requirement that users' passwords must contain at least one numeric character (0-9).
- Password Require Special - Sets the requirement that users' passwords must contain at least one special character (e.g., ? # ! @ $ %).
- Password History - Sets the number of passwords retained for each user. When a user sets a new password, the platform compares that password with the previous passwords to prevent password reuse. For example, if the Password History setting is 6, the Platform compares a password reset with that user’s 6 previous passwords and does not allow the user to enter a duplicate. A setting of 0 retains no passwords except the current one (i.e., there is no check for unique passwords for a user). Default value is 0.