For security reasons, you may want to enforce a password policy that requires certain
password characteristics.
You can specify the following characteristics:
- Minimum number of characters
- At least one number
- At least one non-alphanumeric character
- Mixed upper and lower-case characters
- Allowed invalid login attempts
- Disallow old passwords
- Use of dictionary words
- Default password expiry
- Disable/delete user accounts
In the site-options.conf file, set the following variables.
Note: Default values are indicated by brackets.
- MINIMUM_PASSWORD_LENGTH = [8]
- PASSWORD_REQUIRES_NUMBER = true | [true]
- PASSWORD_REQUIRES_NON_ALPHANUM = true | [true]
- PASSWORD_REQUIRES_MIXED_CASE = true | [true]
- REQUIRE_PASSWORD_SECURITY = true | [true]
- LOGIN_ATTEMPT_LOCK = 3
  Tip: This option controls locking out the user account after "n"
  invalid login attempts. Set it to zero or a negative number to
  lock the user account the first time the user provides an incorrect
  password. Set it to a positive number, say "2", to allow the user
  two wrong password attempts; the user account is then locked at the
  "n+1" (here, third) attempt. When a user's account is locked, either
  an administrator must unlock it or the user can use the
  "Forgot Your Password?" link to reset the password.
- PASSWORD_HISTORY_AGE=5 | [5]
  Tip: The maximum allowed value of the PASSWORD_HISTORY_AGE token
  is 10. This option disallows the previous "n" passwords when a
  password is set. However, if this option is set to zero or a
  negative number, or is left empty, the user can use any previous
  password. The password being set must satisfy the existing password
  policy each time.
- ALLOW_PASSWORD_DICTIONARY_WORD=true
Note: You must set the "REQUIRE_PASSWORD_SECURITY" option to
"true" in the site-options.conf file for the
"LOGIN_ATTEMPT_LOCK", "PASSWORD_HISTORY_AGE" and
"ALLOW_PASSWORD_DICTIONARY_WORD" security settings to take effect.
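The dependencies and limits described above are easy to get wrong when the file is edited by hand. The following audit script is an added example, not part of the product or its documentation; it assumes the file holds one KEY = value pair per line with '#' comments, and the function names are hypothetical.

```python
# Added example. Assumed file syntax: one KEY = value per line, '#' comments.
GATED = ("LOGIN_ATTEMPT_LOCK", "PASSWORD_HISTORY_AGE",
         "ALLOW_PASSWORD_DICTIONARY_WORD")
COMPLEXITY = ("PASSWORD_REQUIRES_NUMBER", "PASSWORD_REQUIRES_NON_ALPHANUM",
              "PASSWORD_REQUIRES_MIXED_CASE")

def parse_options(text):
    """Return {KEY: value} from site-options.conf style text."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def as_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None  # missing, empty or non-numeric

def audit(opts):
    """Return findings based on the rules stated in the documentation."""
    findings = []
    for key in COMPLEXITY:  # documented default for each is true
        if opts.get(key, "true").lower() != "true":
            findings.append(f"{key} is disabled")
    # The three GATED options only take effect when this option is true.
    if opts.get("REQUIRE_PASSWORD_SECURITY", "true").lower() != "true":
        ignored = [k for k in GATED if k in opts]
        findings.append("REQUIRE_PASSWORD_SECURITY is not true, so these "
                        "have no effect: " + ", ".join(ignored))
    if "PASSWORD_HISTORY_AGE" in opts:
        age = as_int(opts["PASSWORD_HISTORY_AGE"])
        if age is None or age <= 0:
            findings.append("PASSWORD_HISTORY_AGE allows reuse of any old password")
        elif age > 10:
            findings.append("PASSWORD_HISTORY_AGE exceeds the maximum of 10")
    lock = as_int(opts.get("LOGIN_ATTEMPT_LOCK"))
    if lock is not None and lock <= 0:
        findings.append("LOGIN_ATTEMPT_LOCK locks on the first wrong password")
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = """PASSWORD_REQUIRES_MIXED_CASE = false
REQUIRE_PASSWORD_SECURITY = false
LOGIN_ATTEMPT_LOCK = 3
PASSWORD_HISTORY_AGE = 12
"""
```

Calling `audit(parse_options(SAMPLE))` returns three findings: the disabled mixed-case rule, the gated options that are silently ignored, and the out-of-range history value.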