Password and user lockout policy

Password policy

Various settings for rules applied to passwords.

The following table provides detailed instructions on each configuration setting:

Configuration Parameter Name

Description

Minimum Password Length

Defines the minimum length of the password fields in the system. The setting applies for all users configured on the web interface.

Passwords Expire after (days)

Defines the number of days, after which the passwords expire in the system. This setting only applies for users where this feature is enabled. 0 means that the password never expires.

Passwords Must Include Capital Letter

Password phrases must include at least one capital letter or not. The setting applies for all users configured on the web interface.

Passwords Must Include Numeric Character

Password phrases must include at least one numeric character or not. The setting applies for all users configured on the web interface.

Passwords Must Include Special Character

Password phrases must include at least one special character or not. The setting applies for all users configured on the web interface.

Password History Count

Defines how many passwords will be stored for each user. Password history prevents users from changing their passwords to ones that they have used in the past. If the value equals to 0, it means that password history is disabled. The setting applies for all users configured on the web interface.

User lockout policy

When enabled the user lockout settings automatically locks users out after a certain number of incorrect login attempts.

The following table provides detailed instructions on each configuration setting:

Configuration Parameter Name

Description

User Lockout Attempts Threshold

The lockout threshold can be set to any value from 0 to 999 (attempts). If the lockout threshold is set to zero, users will not be locked out due to invalid sign-in attempts. Any other value sets a specific lockout threshold. The setting applies for all users configured on the web interface.

User Lockout Threshold Reset After (minutes)

This option defines how long the system caches the failed login attempts. If the user makes as many failed login attempts as the User Lockout Attempts Threshold configuration setting specifies in the User Lockout Threshold Reset After (minutes) interval, then the user will be locked out.