Take the following steps to configure password and account lockout policies.

Note: The account lockout policy is enabled by default in accordance with Federal Risk and Authorization Management Program (FedRAMP) low- and medium-risk guidelines. The number of failed authentication attempts is limited to 3 in a 15-minute period, when using a different password for each attempt. Once this limit is met, the user account is locked out for 30 minutes.
  1. Navigate to the System Configurations view by clicking the configuration icon. Then, select the Password Configuration tab.
  2. Select your preferred password option.
    • No Password Policy: No password policy will be enforced. Select this option if you do not want to enforce a policy. Separately, you may still trigger a password reset (Step 7), require users to provide a current password at reset (Step 8), and configure an account lockout policy (Step 9).
    • Default Password Policy: This is the default policy. Select this option and click Save to use the default policy. No other steps are required. Separately, you may still trigger a password reset (Step 7), require users to provide a current password at reset (Step 8), and configure an account lockout policy (Step 9).
    • Custom Password Policy: This selection displays several options for configuring a custom policy. Proceed to the next step to configure the policy.
  3. Use the Change password once (in days) slider to set an expiration for new and updated passwords. This requires users to reset their passwords within the specified number of days.
    Note: The password expiration does not apply to any user with the NoPasswordExpiration (30) permission. In turn, the password expiration does not apply to the system administrator who has all permissions via the Administrator (12) permission.
  4. Use the Select minimum characters slider to set the minimum number of characters allowed.
  5. Use the Select maximum characters slider to set the maximum number of characters allowed.
  6. Tick the check box for each of the following rules you would like to include in the policy.
    • Require upper case
    • Require lower case
    • Require numbers
    • Require special characters
  7. Optional. Trigger a password reset for all user accounts across the system. This requires all users to reset their passwords within the specified number of days.
    Important:
    • Entering 0 (zero) days will trigger an immediate password reset.
    • A password reset applies to all users, including users with the NoPasswordExpiration (30) permission and administrators.
    • If the password for a user account is set to expire sooner than the specified number of days, that password's expiration will not be changed.

    Substeps

    1. Click Reset User Password.
    2. Enter the number of days in which passwords will expire.
      Note: For an immediate reset, enter the keywords Password Reset.
    3. Click Yes.
  8. Toggle the Enable Secure Password switch to the preferred setting.
    • ON: Users are required to enter their current password before specifying a new password when resetting their password.
    • OFF: Users need only provide a new password when resetting their password.
  9. Configure an account lockout policy by providing values for the following lockout options.
    • PasswordLockoutInterval: This option determines the duration, in seconds, for counting the number of consecutive failed authentication attempts.
    • PasswordLockoutLimit: This option determines the number of consecutive failed authentication attempts that are allowed before locking the user account. By default, account lockout functionality is enabled with PasswordLockoutLimit set to 3. Setting PasswordLockoutLimit to zero disables lockout functionality.
    • PasswordLockoutPeriod: This option determines the duration, in seconds, for which a user account will not be allowed to authenticate to the system when the PasswordLockoutLimit is reached.
  10. Click Save in the lower right-hand corner to save changes.

Result: You have successfully configured password and account lockout policies.
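
The following added example (not product code) models how the three lockout options in step 9 interact and flags settings weaker than the default values in the note above. The `LockoutPolicy` class, both function names, and the sliding-window counting are assumptions made for illustration; the product's internal logic may differ.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    # Fields mirror the three options in step 9; durations are in seconds.
    # Defaults are the values from the note above, converted to seconds.
    interval: int = 900   # PasswordLockoutInterval (15 minutes)
    limit: int = 3        # PasswordLockoutLimit (0 disables lockout)
    period: int = 1800    # PasswordLockoutPeriod (30 minutes)

def audit(policy):
    """List the ways a policy is weaker than the default values."""
    base = LockoutPolicy()
    if policy.limit == 0:
        return ["PasswordLockoutLimit is 0: account lockout is disabled"]
    findings = []
    if policy.limit > base.limit:
        findings.append(f"PasswordLockoutLimit {policy.limit} allows more than {base.limit} attempts")
    if policy.interval < base.interval:
        findings.append(f"PasswordLockoutInterval {policy.interval}s counts failures over less than {base.interval}s")
    if policy.period < base.period:
        findings.append(f"PasswordLockoutPeriod {policy.period}s locks for less than {base.period}s")
    return findings

def lockout_windows(policy, failures):
    """Model the lockouts produced by failed-attempt timestamps (seconds).

    Assumptions: no successful login occurs in between, and attempts made
    while the account is locked are rejected without being counted.
    """
    if policy.limit == 0:
        return []
    recent, locked_until, windows = [], None, []
    for t in sorted(failures):
        if locked_until is not None and t < locked_until:
            continue
        # Keep only failures that fall inside the counting interval.
        recent = [x for x in recent if t - x < policy.interval] + [t]
        if len(recent) >= policy.limit:
            locked_until = t + policy.period
            windows.append((t, locked_until))
            recent = []
    return windows

if __name__ == "__main__":
    burst = [0, 300, 600, 700, 2400, 2500, 2600]  # constructed sample timestamps
    print(lockout_windows(LockoutPolicy(), burst))
    print(audit(LockoutPolicy(interval=60, limit=10, period=30)))
```
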

Note: See Provisioning users with the Web UI for information on managing individual user accounts and passwords through the Web UI.