Account security policy settings
Use this information to understand and select the account security policy setting for your server.
Click the Account Security Level tab to select the account security policy setting. There are three levels of account security policy settings:
- Legacy Security Settings
- High Security Settings
- Custom Security Settings
The Account Security Level tab is shown in the following illustration.
Select the account security policy setting from the Security Settings item list.
Note
- The Legacy Security Settings and High Security Settings predefine the policy setting values and cannot be changed.
- The Custom Security Settings allow users to customize the security policies as needed.
The following table shows the values for each level of the security settings.
| Policy setting/field | Legacy Security Settings | High Security Settings | Custom Security Settings |
|---|---|---|---|
| Password required | No | Yes | Yes or No |
| Complex password required | No | Yes | Yes or No |
| Password expiration period (days) | None | 90 | 0 365 |
| Minimum password length | None | 8 | 5 20 |
| Minimum password reuse cycle | None | 5 | 0 5 |
| Minimum password change interval (hours) | None | 24 | 0 240 |
| Maximum number of login failures (times) | 5 | 5 | 0 10 |
| Lockout period after maximum login failures (minutes) | 2 | 60 | 0 240 |
| Minimum different characters in passwords | None | 2 | 0 19 |
| Factory default 'USERID' account password must be changed on next login | No | Yes | Yes or No |
| Force user to change password on first access | No | Yes | Yes or No |
The following information is a description of the fields for the security settings.
- Password required
- This field indicates whether login IDs with no password are allowed to be created. If the Password required checkbox is selected, any existing login ID's with no password will be required to define a password the next time the user logs in.
- Complex password required
- If complex passwords are required the password must adhere to the following rules:
- Passwords must be a minimum of eight characters long.
- Passwords must contain at least three of the following four categories:
- At least one lower case alpha character.
- At least one upper case alpha character.
- At least one numeric character.
- At least one special character.
- Spaces or white space characters are not allowed.
- Passwords may have no more than three of the same character used consecutively (for example, aaa).
- Passwords must not be a repeat or reverse of the associated user ID.
- Password expiration period (days)
- This field contains the maximum password age that is permitted before the password must be changed. A value of 0 to 365 days are supported. The default value for this field is 0 (disabled).
- Minimum password length
- This field contains the minimum length of the password. 5 to 20 characters are supported for this field. If the Complex password required check box is checked; then, the minimum password length must be at least eight characters.
- Minimum password reuse cycle
- This field contains the number of previous passwords that cannot be reused. Up to five previous passwords can be compared. Select 0 to allow the reuse of all previous passwords. The default value for this field is 0 (disabled).
- Minimum password change interval (hours)
- This field contains how long a user must wait between password changes. A value of 0 to 240 hours are supported. The default value for this field is 0 (disabled).
- Maximum number of login failures (times)
- This field contains the number of failed login attempts that are allowed before the user is locked out for a period of time. A value of 0 to 10 is supported. The default value for this field is 0 (disabled).
- Lockout period after maximum login failures (minutes)
- This field specifies how long (in minutes), the IMM2 subsystem will disable remote login attempts from all users after detecting more than five sequential login failures from any user.
- Minimum different characters in passwords
- This field specifies the number of characters that must be different between the new password and the previous password. A value of 0 to 19 is supported.
- Factory default 'USERID' account password must be changed on next login
- A manufacturing option is provided to reset the default USERID profile after the first successful login. When this checkbox is enabled, the default password must be changed before the account can be used. The new password is subject to all active password enforcement rules.
- Force user to change password on first access
- After setting up a new user with a default password, selection of this check box will force that user to change their password the first time the user logs in.
Give feedback