You assign password policies to security domains to define users’ password length, format, and frequency of change.
In a replicated deployment, changes to policies might not be immediately visible on the replica instance. This delay is due to the cache refresh interval. Changes should replicate within 10 minutes. To make changes take effect sooner on the replica instance, see Flush the Cache.
In the Security Console, click Authentication > Policies > Password Policies > Add New.
Under Password Policy Basics, do the following:
In the Password Policy Name field, enter a unique name for the new password policy. Do not exceed 128 characters.
(Optional) To require users to use only system-generated passwords, select Require users to use system-generated passwords.
(Optional) To designate this policy as the default policy, select Set as the default password policy. When this option is selected, new security domains use this password policy.
Under Lifetime, do one of the following:
Clear the default setting Require periodic password changes, and go to step c.
Leave the default setting Require periodic password changes selected, and specify the following options:
For Maximum Lifetime, specify how long a password can be used.
For Minimum Lifetime, specify how long users must wait before changing a password. Specifying a minimum lifetime prevents users from bypassing re-use restrictions by immediately changing their passwords.
To prevent users from using a password they have used previously, select Restrict Re-use. You can specify the number of previous passwords that cannot be used or prevent any previous passwords from being used again.
Under Format, do the following:
In the Minimum Length field, enter the minimum number of characters required in a password. The default is 8.
In the Maximum Length field, enter the maximum number of characters allowed in a password. The default is 32.
(Optional) In the Excluded Characters field, enter any characters that you do not want to allow users to include in passwords. You can specify up to 50 excluded characters.
From the Excluded Words Dictionary drop-down list, select which excluded words dictionary that you want to use. This dictionary contains a list of prohibited passwords.
(Optional) In the Character Requirements fields, enter the minimum number of each character type required for a valid password.