Implement password policy controls at login. Force users to change their password if the password does not meet the password policy criteria.

Before you begin

Role required: admin

About this task

The Password Policy plugin (com.glide.password_policy) is enabled by default. The policy goes into effect when a user changes or resets the password.

The Password Strength Preset field is automatically set to Default Strong. If you want to add new criteria, you can perform the following procedure.

If you customized your instance through the ValidatePasswordStronger installation exit or your Password Reset credential store pwd_cred_store property, then see password policy properties to know how to implement a password policy for your instance.

Note: The active password policy is highlighted for the Instance as shown.
Password Highlighted when set as active

To change the password policy navigate to All > Password Reset > Credentials Stores, select the credentials and change the Password policy field to the required policy input.

Procedure

  1. Navigate to All > Password Policy > Password Policies.
  2. Click New.
    The Password Policy form appears.
  3. Specify the Name for your password policy.
  4. In the Password Policy Criteria section, select one of the following presets from the Password Strength Preset field.
    Password Strength PresetDescription
    Default Auto-populates the fields for required password characters as follows:
    • Sets Minimum Uppercase Character(s) to 1.
    • Sets Minimum Lowercase Character(s) to 1.
    • Sets Minimum Numeric Character(s) to 1.
    • Sets Minimum Special Character(s) to 0.

    The minimum password length is 8 characters, and the maximum is 100.
    Medium Auto-populates the fields for required password characters as follows:
    • Sets Minimum Uppercase Character(s) to 1.
    • Sets Minimum Lowercase Character(s) to 1.
    • Sets Minimum Numeric Character(s) to 1.
    • Sets Minimum Special Character(s) to 1.

    The minimum password length is 12 characters, and the maximum is 40.
    High Auto-populates the fields for required password characters as follows:
    • Sets Minimum Uppercase Character(s) to 1.
    • Sets Minimum Lowercase Character(s) to 2.
    • Sets Minimum Numeric Character(s) to 1.
    • Sets Minimum Special Character(s) to 3.

    The minimum password length is 8 characters, and the maximum is 100.
    Default Strong Auto-populates the fields for required password characters as follows:
    • Sets Minimum Uppercase Character(s) to 1.
    • Sets Minimum Lowercase Character(s) to 1.
    • Sets Minimum Numeric Character(s) to 1.
    • Sets Minimum Special Character(s) to 1.

    The minimum password length is 8 characters, and the maximum is 100.
    Custom Auto-populates the fields for required password characters as follows:
    • Sets Minimum Uppercase Character(s) to 1.
    • Sets Minimum Lowercase Character(s) to 1.
    • Sets Minimum Numeric Character(s) to 1.
    • Sets Minimum Special Character(s) to 1.

    The minimum password length is 8 characters, and the maximum is 100.

    You can also customize the Password Policy Script that is displayed.
    Advanced Selecting Advanced displays Password Rule Script and Password Strength Script. Based on your requirement you can customize these scripts.
    Note: Password policy is applied based on the selected preset.
  5. On the form, fill in the remaining fields.
    Table 1. Password Policy form
    FieldDescription
    Minimum Password Length Minimum length of the password. This option is displayed for all the presets except for Advanced. Set this field to a minimum of 8–10 characters.
    Maximum Password Length Maximum length of the password. This option is displayed for all the presets except Advanced. Set this field to a maximum of 100 characters.
    Minimum Uppercase Character(s) Minimum number of uppercase characters in the password, from 0 to 10.
    Minimum Lowercase Character(s) Minimum lowercase characters in the password, from 0 to 10.
    Minimum Numeric Character(s) Minimum numeric of characters in the password, from 0 to 10.
    Minimum Special Character(s) Minimum number of special characters in the password, from 0 to 10.
    Included Special Characters Allow a restricted set of special characters without any delimiter.

    For example, if you enter $,!, then users can only use "$" and "!" as special characters in the password. No other special characters can be used. A password with other special characters is not allowed.
    Excluded Special Characters Allow a restricted set of special characters without any delimiter.
    For example, if you enter @$!, then users cannot use '@', '$' and '!' as special characters in their passwords.
    Note: This option is available if the glide.password_policy.use_excluded_special_char property is enabled.
    Disallow User Data Option to disallow user data that is authentication-related.
    Sequence Length Threshold The sequence length of your password.
    Repetition Length Threshold The repetition length of your password.
    Note:
    • Both the sequence length threshold and repetition length threshold can have a maximum of eight characters. These fields enable you to restrict weak combinations of passwords that have predictable and repeating sequences such as "123456", "qwerty", "!@#$%^", "aaaaa", and so on.
    • If Password Strength Preset is set to Default Strong, then the length for both sequence length threshold and repetition length threshold is set to four characters.
    Test Your Password Specify your actual password in this field.
  6. Click Test Your Password.
  7. After the password is tested as valid, click Submit to submit the password.
    Note: Always test your password before submitting.