Password Policy Settings

Password policy settings can be configured specifically for your application. Follow these steps to configure them:

Configuring the Password Policy Settings Module

  • Policy Name: When creating a policy, start by entering a distinctive name.
  • Characters and Size: Specify the characters that can or cannot be used in passwords and password lengths.

Password Requirements (Must Contains)

Through this tab you can set the properties that the password should contain:

  • Lower case (a-z), upper case (A-Z), numeric value (0-9) and special characters (for example: !, @, #).
  • Define the minimum number of characters and any special characters required.

Password Must NOT Contains

This tab allows you to set properties that the password should not contain:

  • Special words (for example, “admin” or “password”)
  • Consecutive numbers or repeated letters (for example, “1234” or “aaaa”)
  • Personal information such as the user's first and last name or date of birth.

Password Length

Set minimum and maximum character lengths.

Account Locking and Duration Settings (Locking)

  1. Password Expiration:
    • Set the number of days the password will be valid and set the timing of notifications to the user before it expires.
  2. Account Lockout:
    • Limit the number of incorrect password entries.
    • Set the time period after which the account will be locked after a maximum number of failed entries.
  3. CAPTCHA Settings:
    • Set the number of incorrect CAPTCHA entry attempts.
    • Define the maximum number of incorrect password entries for CAPTCHA to become active.
  4. Last Passwords:
    • Set whether the last used password can be reused when creating a new password.
    • Define how many previous passwords the new password cannot resemble.
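
One way the must-contain, must-not-contain, length and last-passwords rules above could be evaluated on the server side, as an added example that is not the product's own code. The `Policy` field names, the thresholds and the sample values are assumptions, and the history check covers exact reuse only, since similarity cannot be tested against stored digests.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical field names, not the product's settings schema
    min_len: int = 10
    max_len: int = 64
    banned_words: tuple = ("admin", "password")
    max_run: int = 3        # longest allowed repeat or ascending digit run
    history_depth: int = 3  # how many previous passwords may not be reused

CLASSES = {"lower": r"[a-z]", "upper": r"[A-Z]", "digit": r"[0-9]",
           "special": r"[^A-Za-z0-9]"}

def hash_pw(pw: str, salt: bytes) -> bytes:
    # History stores salted PBKDF2 digests, never plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def has_run(pw: str, limit: int) -> bool:
    """True if pw has a repeated-character or ascending-digit run longer than limit."""
    rep = seq = 1
    for prev, cur in zip(pw, pw[1:]):
        rep = rep + 1 if cur == prev else 1
        seq = seq + 1 if prev + cur in "0123456789" else 1
        if rep > limit or seq > limit:
            return True
    return False

def violations(pw, policy, personal=(), history=()):
    """Return the list of rules that pw breaks; an empty list means accepted."""
    out = []
    if not policy.min_len <= len(pw) <= policy.max_len:
        out.append("length")
    out += [f"missing_{n}" for n, rx in CLASSES.items() if not re.search(rx, pw)]
    low = pw.casefold()
    if any(w in low for w in policy.banned_words):
        out.append("banned_word")
    if has_run(pw, policy.max_run):
        out.append("run")
    # Ignore very short personal tokens to avoid rejecting on initials.
    if any(len(p) >= 3 and p.casefold() in low for p in personal):
        out.append("personal_info")
    recent = list(history)[-policy.history_depth:] if policy.history_depth else []
    if any(hmac.compare_digest(hash_pw(pw, s), d) for s, d in recent):
        out.append("reused")
    return out

if __name__ == "__main__":
    print(violations("Admin1234!", Policy()))  # constructed sample input
```

`history` is a sequence of `(salt, digest)` pairs, oldest first, and `personal` carries values such as the user's first name, last name and birth year.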

By making these settings, you can enable your users to create strong and secure passwords and increase security standards in your application.