Managing password policy

The Password Policy feature allows you to define the strength of a password. For example, an administrator can restrict the number of previously used passwords and limit the number of days before the password expires.

Note: This feature is disabled by default.

From Server Settings, you can define password criteria by editing these settings:

  • Password Strength Criteria — Define the strength of a password and restrict the number of previously used passwords.
    • Minimum Password Length — configure the password length (7–30 characters).
    • Restrict usage of previously used passwords — configure the limit on password reuse (3-24 previous passwords).

    When you enable password strength criteria, it automatically requires that passwords contain the following:

    • One uppercase (A–Z)
    • One lowercase (a–z)
    • One numeric (0–9)
    • One special character (#?!@$%^&*-)
      Note: The password requirements can't be customized. If an existing password doesn't match the criteria, you are prompted to change it during the next logon.
  • Password Expiration Criteria — Enter the number of days before a password expires (30–365 days).