Template Password Requirements
Overview
A password requirement is a stored Secret Server object that defines the requirements on a password text-entry field to validate user-entered passwords or make auto-generated passwords conform to set specifications. You can have multiple password requirements, but only one can be set to the default.
A password requirement is made up of a minimum and maximum length, a set of characters, and optional rules such as "At least three upper-case characters" or "The first character must be lower-case". The default password requirement is 12 characters from the default character set with at least one upper-case, lower-case, numeric, and symbol character.
Creating a Custom Password Requirement
To create a new password requirement:
-
Click the Settings drawer in the main menu. The All Settings page appears.
-
Click the Secret Templates link in the Secrets Section. The Templates tab of the Secret Template page appears.
-
Click the Password Requirements tab.
-
Click the Create button. A popup appears.
-
Type the name of the new password requirement in the Name text box.
-
(Optional) Type a description of the new password requirement in the Description text box.
-
Click the Minimum Password Length spinner to select or type a minimum allowed password length.
-
Click the Character Set dropdown list to select a character set for the password. The out-of-the-box default is
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()
. -
If you want the password requirement to become the new default, click to select the Is Default check box.
-
Click to select the desired password no-no check boxes. The options are:
- Prevent Username: Do not allow the username to be part of the password.
- Prevent Spatial Pattern: Do not allow strings of characters based their order on the keyboard, such as
qwerty
orasdfg
. - Prevent Sequential Pattern: Do not allow strings of characters based on their order in the character set, such as
abcd
or5678
. - Prevent Dictionary Words: Do not allow everyday English words in the password.
-
Click the Save button. The popup closes and the page for the new requirement appears (containing the choices you just made for the details and generation sections):
-
Scroll down to the Password Validation section.
-
Click the Edit button. The section expands.
-
Most of the validation rules are ones you have already set with these two exceptions, which you can now set:
- Prevent Dictionary Words: Do not allow everyday English words in the password.
- Prevent Words from Dictionary …: Do not allow words that appear in the named dictionary. In our example, the dictionary is named "Test."
-
Go to the Starting and Ending Character Validation section.
-
Click the Edit button.
-
To require specific starting characters, click to select the Require Specific Starting Characters check box. Two hidden controls appear. This allows you to make rules such as "password must start with three symbols and end with two lowercase letters."
"Start and end with" rules can decrease the password entropy (resistance to brute force attacks). -
Type or click the spinner to set the number of required starting characters.
-
Click the characters from dropdown list to select the character set to draw the characters from.
-
Repeat the procedure for any desired ending characters.
-
Click the Save button. An edit button now appears for the Character Count Validation section.
-
To set character count validation rules:
-
Click the Edit button for the Character Count Validation section. The section expands.
-
Click the Add Rule button and select one of the following types:
-
Minimum Required Characters Rule: For the first rule type, type the number of characters and select what character set they must come from, for example, "Minimum 5 characters from Upper Case (A-Z)."
-
Maximum Consecutive Characters Rule: For the second rule, type the number of characters and select what character set they must come from, for example, "Maximum 5 characters from Lower Case (a-z)."
-
Repeating Characters Rule: Sets a limit on how many times any single character can appear in a password. You can set it anywhere between one and the maximum length of the password requirement. For example, the rule "At most 1 of the same character" means that any character can only appear one time in a password:
Bztyopz
is invalid because there are twoz
characters, andBztyopx
is valid because no character appears more than once -
Repeating Consecutive Characters Rule: Sets a limit on how many times any single character can appear in a sequence in a password. You can set it anywhere between one and the maximum length of the password requirement. For example, "At most consecutively 2 of the same character" means any character can only appear one time in a password:
Bzty1fxeee
is invalid because there are threee
characters at the end of the password.Bzty11fxe
is valid because no character appears more than twice. Finally,Bzetey1efxe
is valid, even though there are threee
characters, because they do not appear next to each other.
-
-
Once you create more than one rule, the Minimum Required Character Count Rules dropdown list appears. This allows you to set whether you want a minimum number of rules enforced from those you created or all of them.
-
Create as many additional character count validation rules as you desire by clicking the Add Rule button and repeating the procedure.
-
Click the Save button.
-
-
Review the Password Rule Strength section to see how strong your choices are and any recommendations for improvement. The two tests are:
- Entropy Score: The difficulty of cracking the password in a brute-force attack.
- Total Strength Score: An overall weighted measure of password strength for passwords generated by the password requirements. Any rule conflicts will appear in the recommendations section.