Set Up User Account Password Policy
Secure Cloud Access provides a default password policy. You can change the default settings to meet your organization’s needs.
- Select Administration > User Management.
- Click the User Account Password Policy link.
The Password Policy screen is displayed. (The Save button becomes active once you begin entering changes.)
- Change the policy items as needed:
Field Description Minimum Length Specifies the minimum number of characters that can make up a password for a user account. You can set a value of between 1 and 13 characters. To specify that no password is required, set the number of characters to (zero).
A minimum of 8 characters is recommended. This number is long enough to provide adequate security, but not too difficult for users to remember. This value also helps to provide adequate defense against a brute force attack.
Maximum Length Specifies the maximum number of characters that can make up a password for a user account.
If you specify 0 (zero), the allowed length will be unlimited. A setting of 0 (unlimited) or a relatively large number such as 100 is recommended.
Lowercase Characters Specifies the minimum number of lowercase characters that must be present in a password for a user account.
If you enter 0 (zero), no lowercase characters are allowed in the password. A minimum of 1 lowercase character is recommended.
Uppercase Characters Specifies the minimum number of uppercase characters that must be present in a password for a user account.
If you enter 0 (zero), no uppercase characters are allowed in the password. A minimum of 1 uppercase character is recommended.
Special Characters Specifies the minimum number of special characters (for example, @ or $) that can make up a password for a user account.
If you enter 0 (zero), no special characters are required in the password. A minimum of 1 special character is recommended.
Numerics Specifies the minimum number of numeric characters that must be present in a password for a user account.
If you enter 0 (zero), no numeric characters are required in the password. A minimum of 1 numeric character is recommended.
Enforce Password History Specifies the number of unique new passwords that must be associated with a user account before an old password can be reused.
A low number allows users to use the same small number of passwords repeatedly. For example, if you select 0, 1, or 2, users can reuse old passwords more quickly. Setting a higher number will make using old passwords more difficult.
Password Expiration Period Specifies the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 99, or you can specify that passwords never expire by setting the number of days to 0 (zero). Invalid Login Attempts Allowed Specifies the number of failed login attempts that will cause a user account to be locked. A locked account cannot be used until it is reset by an administrator or until the number of minutes specified by the Lockout Effective Period policy setting expires.
You can set a value from 1 through 999. If you want the account never to be locked, you can set the value to 0 (zero).
Lockout Effective Period Specifies the number of minutes that an account remains locked out before automatically becoming unlocked. The available range is from 1 through 99 minutes. A value of 0 (zero) means that the account will be locked out until an administrator unlocks it. - Click Save.
