Password and user lockout policy
- Kiss, Mate
- Fenyvesi, Gabor
Password policy
Various settings for rules applied to passwords.
The following table provides detailed instructions on each configuration setting:
Configuration Parameter Name | Description |
|---|---|
Minimum Password Length | Defines the minimum length of the password fields in the system. The setting applies for all users configured on the web interface. |
Passwords Expire after (days) | Defines the number of days, after which the passwords expire in the system. This setting only applies for users where this feature is enabled. 0 means that the password never expires. |
Passwords Must Include Capital Letter | Password phrases must include at least one capital letter or not. The setting applies for all users configured on the web interface. |
Passwords Must Include Numeric Character | Password phrases must include at least one numeric character or not. The setting applies for all users configured on the web interface. |
Passwords Must Include Special Character | Password phrases must include at least one special character or not. The setting applies for all users configured on the web interface. |
Password History Count | Defines how many passwords will be stored for each user. Password history prevents users from changing their passwords to ones that they have used in the past. If the value equals to 0, it means that password history is disabled. The setting applies for all users configured on the web interface. |
User lockout policy
When enabled the user lockout settings automatically locks users out after a certain number of incorrect login attempts.
The following table provides detailed instructions on each configuration setting:
Configuration Parameter Name | Description |
|---|---|
User Lockout Attempts Threshold | The lockout threshold can be set to any value from 0 to 999 (attempts). If the lockout threshold is set to zero, users will not be locked out due to invalid sign-in attempts. Any other value sets a specific lockout threshold. The setting applies for all users configured on the web interface. |
User Lockout Threshold Reset After (minutes) | This option defines how long the system caches the failed login attempts. If the user makes as many failed login attempts as the User Lockout Attempts Threshold configuration setting specifies in the User Lockout Threshold Reset After (minutes) interval, then the user will be locked out. |