Managing password policy The Password Policy feature allows you to define the strength of a password. For example, an administrator can restrict the number of previously used passwords and limit the number of days before the password expires. Note: This feature is disabled by default. From Server Settings, you can define password criteria by editing these settings: Password Strength Criteria — Define the strength of a password and restrict the number of previously used passwords. Minimum Password Length — configure the password length (7–30 characters). Restrict usage of previously used passwords — configure the limit on password reuse (3-24 previous passwords). When you enable password strength criteria, it automatically requires that passwords contain the following: One uppercase (A–Z) One lowercase (a–z) One numeric (0–9) One special character (#?!@$%^&*-) Note: The password requirements can't be customized. If an existing password doesn't match the criteria, you are prompted to change it during the next logon. Password Expiration Criteria — Enter the number of days before a password expires (30–365 days).