For security reasons, you may want to enforce a password policy that requires certain
password characteristics.
You can enforce the following password requirements:
- Minimum number of characters
- Maximum number of characters
- At least one number
- At least one non-alphanumeric character
- Mixed upper and lower-case characters
- Allowed invalid login attempts
- Disallow old passwords
- Use of dictionary words
- Default password expiry
- Disable/delete user accounts
In the site-options.conf file, set the following variables.
Note: Default values are shown inside square brackets.
- MINIMUM_PASSWORD_LENGTH=6 | [6]
- MAX_PASSWORD_LENGTH=12 | [256]
- PASSWORD_REQUIRES_NUMBER=true | [true]
- PASSWORD_REQUIRES_NON_ALPHANUM=true | [true]
- PASSWORD_REQUIRES_MIXED_CASE=true | [true]
- REQUIRE_PASSWORD_SECURITY=true | [true]
- LOGIN_ATTEMPT_LOCK=3 | [3]
Tip: This option controls locking out the user account after "n" invalid login attempts. Set this to zero or a negative number to lock the user account the first time the user provides an incorrect password. Set this to a positive number, say "2", to allow the user two wrong password attempts; the account is then locked at the "n+1"th (here, third) attempt. When a user's account is locked, either an administrator must unlock it or the user can use the "Forgot Your Password?" link to reset the password.
- PASSWORD_HISTORY_AGE=5 | [5]
Tip: The maximum allowed value of the PASSWORD_HISTORY_AGE token is 10. This option disallows the previous "n" passwords when a new password is set. However, if this option is set to zero or a negative number, or is left empty, the user can reuse any previous password. The password being set must also satisfy the existing password policy each time.
- ALLOW_PASSWORD_DICTIONARY_WORD=true
Note: You must set the REQUIRE_PASSWORD_SECURITY token to true in the site-options.conf file for the LOGIN_ATTEMPT_LOCK, PASSWORD_HISTORY_AGE and ALLOW_PASSWORD_DICTIONARY_WORD security settings to take effect.
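The following is an added example, not code from the original page or from the product it documents: it parses a constructed site-options.conf fragment and applies the rules above (length bounds, digit, non-alphanumeric, mixed case, password history capped at 10, dictionary words, and the lockout-attempt rule) so an administrator can see which setting rejects a given password. The `check_password` and `lockout_after` function names, the treatment of a missing ALLOW_PASSWORD_DICTIONARY_WORD as "true", and the sample dictionary are assumptions.

```python
import re

# Constructed sample site-options.conf fragment (not from a real deployment).
SITE_OPTIONS = """
REQUIRE_PASSWORD_SECURITY=true
MINIMUM_PASSWORD_LENGTH=6
MAX_PASSWORD_LENGTH=12
PASSWORD_REQUIRES_NUMBER=true
PASSWORD_REQUIRES_NON_ALPHANUM=true
PASSWORD_REQUIRES_MIXED_CASE=true
LOGIN_ATTEMPT_LOCK=3
PASSWORD_HISTORY_AGE=5
ALLOW_PASSWORD_DICTIONARY_WORD=false
"""

def parse_site_options(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def _flag(opts, key, default):
    return opts.get(key, str(default)).lower() == "true"

def check_password(new_pw, opts, history=(), dictionary=()):
    """Return the list of violated rules; an empty list means the password is acceptable."""
    problems = []
    if len(new_pw) < int(opts.get("MINIMUM_PASSWORD_LENGTH", 6)):
        problems.append("too short")
    if len(new_pw) > int(opts.get("MAX_PASSWORD_LENGTH", 256)):
        problems.append("too long")
    if _flag(opts, "PASSWORD_REQUIRES_NUMBER", True) and not re.search(r"\d", new_pw):
        problems.append("needs a digit")
    if _flag(opts, "PASSWORD_REQUIRES_NON_ALPHANUM", True) and not re.search(r"[^A-Za-z0-9]", new_pw):
        problems.append("needs a non-alphanumeric character")
    if _flag(opts, "PASSWORD_REQUIRES_MIXED_CASE", True) and not (
            re.search(r"[a-z]", new_pw) and re.search(r"[A-Z]", new_pw)):
        problems.append("needs mixed case")
    # History and dictionary checks only take effect when REQUIRE_PASSWORD_SECURITY is true.
    if _flag(opts, "REQUIRE_PASSWORD_SECURITY", True):
        age = int(opts.get("PASSWORD_HISTORY_AGE") or 0)  # empty, zero or negative disables it
        if age > 0 and new_pw in list(history)[-min(age, 10):]:  # token is capped at 10
            problems.append("reused a recent password")
        # Assumption: a missing ALLOW_PASSWORD_DICTIONARY_WORD behaves like "true".
        if not _flag(opts, "ALLOW_PASSWORD_DICTIONARY_WORD", True) and new_pw.lower() in dictionary:
            problems.append("dictionary word")
    return problems

def lockout_after(opts):
    """Failed attempt at which the account locks: n+1 for positive n, the first attempt otherwise."""
    n = int(opts.get("LOGIN_ATTEMPT_LOCK", 3))
    return n + 1 if n > 0 else 1
```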