Password Complexity Policy

Parent Previous Next

When a user's password is changed it must adhere to certain standards in order to prevent passwords being 'easy' to guess.  The Password complexity policy controls how complex a password must be and also prevents passwords being reused to frequently.



New password different to previous n passwords

A user cannot reuse a password that has been previously used, the system will look back the number of previous passwords defined in the number field and check whether a valid password has been entered.



Apply password complexity retrospectively

If this option is set then a new rule will be enforced against all future logins, thus is a user's password does not meet the complexity of the current rule they will be forced to change their password the next time they login.



Standard Complexity


Using standard complexity allows you to control attributes of the user's password such as length, number of letters and numbers etc.  The default is for a password with a minimum of 7 characters.


Minimum Length

The minimum length of a user password, this is a mandatory requirement and the value cannot be set less than 7.


Maximum Length

The maximum length of a user password, this value cannot be less than the minimum length and it must be equal to or greater than the sum of upper case letters, numeric characters and non-alphanumeric characters.


Include at least n upper case letters

The user's password must contain at least this number of upper case letters.


Include at least n numeric characters

The user's password must contain at least this number of numeric characters.


Include at least n non-alphanumeric characters

The user's password must contain at least this number of non-alphanumeric characters.



Regular expression match

You can validate a user's password against a regular expression.


If selected, then set the expression in the top box and a valid test sample and use the 'Test' button to ensure that the validation is happening the way you expect.

A custom message can be displayed to the user.


Rules do not apply for specific user's?

user's defined here will only that the default policy applied.