Password Settings
You can enable users to perform certain tasks related to their accounts.
To access and enable the Password Settings options:
- Log in to Admin Portal, click Access > Policies, and select the policy set.
- Click User Security > Password Settings. Once enabled you can configure the following options:
Password Requirements
| Available Settings | Description |
|---|---|
| Minimum password length (default 8) | Use the drop-down list to select the minimum length required for a password or "--" to use the default setting, which is 8. |
| Maximum password length (default 64) | Use the drop-down list to select the maximum length required for a password or "--" to use the default setting, which is 64. |
| Require at least one digit (default yes) | Select Yes to require the user to have at least one digit in the password, No to require no digits in the password, or "--" to use the default setting, which is Yes. |
| Require at least one upper case and one lower case letter (default yes) | Select Yes to require the user to have at least one upper case and one lower case (total two letters) in the password, No to require no letters in the password, or "--" to use the default setting, which is Yes. |
| Require at least one symbol (default no) | Select Yes to require at least one symbol, No to require no symbols, or "--" to use the default setting. The default is No. |
Display Requirements
| Available Settings | Description |
|---|---|
| Show password complexity requirements when entering a new password (default no) | Enabling this policy displays the password complexity requirements when updating a user account password. The default value "--" is equivalent to No. |
| Password complexity requirements for directory services other than Delinea Directory | Password complexity requirements for Delinea Directory users are automatically discovered but all other directory services require manually entering a complexity requirement string. |
Additional Password Setting Requirements
| Available Settings | Description |
|---|---|
| Limit the number of consecutive repeated characters | Password cannot contain consecutive repeated characters equal to or more than the set value. The default is to allow consecutive repeated characters. |
| Check against weak password | Select Yes to check password-strength, No to save password without password-strength checking, or "--" to use the default setting, which is No. |
| Allow username as part of password | Select Yes to allow username in the password, No to disallow username in the password, or "--" to use the default setting, which is Yes. |
| Allow display name as part of password | Select Yes to allow part of displayname in the password, No to disallow part of displayname in the password, or "--" to use the default setting, which is Yes. |
| Require at least one Unicode characters | Select Yes to require the user to have at least one unicode in the password, No to require no unicode in the password, or "--" to use the default setting, which is No. |
Password Age
| Available Settings | Description |
|---|---|
| Minimum password age before change is allowed (default 0 days) | The default is 0 days. Users will not be allowed to change or reset their password until the current password is at least this old. |
| Maximum password age (default 365 days) | The default is 365 days. After the password expires, users are prompted to enter their current password and then enter a new one. Enter 0 (zero) if you do not want to specify a password expiration period. |
| Password history (default 3) | Use the drop-down list to select the number of most recent passwords to save or "--" to use the default setting. The user cannot re-use the passwords on this list. The number you enter is displayed in the message when the user is prompted to enter a new password. |
| Password Expiration Notification (default 14 days) | Select the number of days before a user's password expires to begin posting a notification of expiration through a portal banner and daily emails. This policy applies to Delinea Directory users and Active Directory accounts. |
| Escalated Password Expiration Notification (default 48 hours | Select the number of hours before a user's password expires to present a change password dialog. The dialog is automatically displayed when the user logs in. This policy applies to Delinea Directory users and Active Directory accounts. Note: This policy is not supported on mobile clients. |
| Enable password expiration notifications on enrolled mobile devices | When enabled, password expiration notifications are sent to registered mobile devices. The default setting "--" is equivalent to Yes. |
Capture Settings
| Available Settings | Description |
|---|---|
| Maximum consecutive bad password attempts allowed within window (default Off) | Use the drop-down list to select the number of failed password attempts allowed within the period you specify in the "Capture window for consecutive bad password attempts" policy before the user is locked out, Off to allow the user an unlimited number of failed attempts, or "--" to use the default setting. Users are locked out for the time period you specify in the "Lockout duration before password re-attempt allowed" policy when they fail in the attempt after the number you select. |
| Capture window for consecutive bad password attempts (default 30 minutes) | Enter the number of minutes to define the time period before the number of failed password attempts is reset. This time period is only applicable when the "Maximum consecutive bad password attempts allowed within window" policy defines the number of failed attempts allowed and is not set to Off. The user is locked out for the time period you set in the "Lockout duration before password re-attempt allowed" policy. After that, the user can attempt to log in again. |
| Lockout duration before password re-attempt allowed (default 30 minutes) | Enter the number of minutes users must wait before they can attempt to log in again after lockout. |
