
Password Rule and Policy

Table 1. Password Rule and Policy
Item | Options | Function
Minimum password length

8-20

Input a value from 8 to 20.

The minimum number of characters that can be used to specify a valid password. The length value takes effect immediately after it is changed.

Select “Save Setting” from the Main Menu to keep the setting after a system reboot.

Password expiration period

0-365

Input a value from 0 to 365.

The number of days a password may be used before it must be changed. If set to 0, passwords never expire.

Password expiration warning period

0-365

Input a value from 0 to 365.

The number of days before the password expires at which the user starts receiving an expiration warning. If set to 0, no expiration warning is given.

Minimum password change interval

0-240

Input a value from 0 to 240.

The number of hours that must elapse before changing a password. The value specified for this setting cannot exceed the value specified for the “Password expiration period”.

If set to 0, passwords may be changed immediately.

Minimum password reuse cycle

0-10

Input a value from 0 to 10.

The minimum number of times a unique password must be set before reusing a previous password. If set to 0, passwords may be reused immediately.

The reuse cycle value takes effect immediately after it is changed.

Select “Save Setting” from the Main Menu to keep the setting after a system reboot.

Maximum number of login failures

0-100

Input a value from 0 to 100.

The number of login attempts that can be made with an incorrect password before the user account is locked out. The account is locked out for the time specified in “Lockout period after maximum login failures”.

If set to 0, accounts are never locked. The failed login counter is reset to zero after a successful login.

Lockout period after maximum login failures

0-2880

Input a value from 0 to 2880.

The number of minutes that must pass before a locked-out user can attempt to log in. Entering a valid password does not unlock the account during the lockout period.

If set to 0, accounts will not be locked out even if the “Maximum number of login failures” is exceeded.

  • When the password has expired, the system should display a menu informing the user that the password has expired and asking whether to set a new password. If the user selects YES, the user is directed to the set password menu. If the user selects NO, the expired password is cleared. The warning message is “The password is expired. Press <Y> to set new password Press <N> to clear password”.

  • If the password is within the Password expiration warning period, then after the user enters the correct password for POP or PAP, the system should display the message “The password is going to be expired in “x” days.”, where “x” is the number of days until the password expires.

  • If users try to change a password before the Minimum password change interval has elapsed, the system should display the warning message “The password can’t be changed because the “Minimum password change interval” time is not exceeded.”

  • When users try to set the minimum password change interval to a value that exceeds the password expiration period, or the reverse, the system should display the warning message: “Minimum password change interval” can’t exceed the value specified for the “Password expiration period”.

  • When the wrong password is entered, the system should display the warning message “Incorrect password entered.” If maximum login failures is set, the following is added: “The system will be locked in Y attempts.”

  • When users reach the maximum number of login failures, the system should display the warning message “The system is locked due to the “maximum number of login failures” being exceeded. System will be unlocked in Y minutes.” to notify them that the system will be locked.

  • When an entered password does not meet the password rules, the system should display the warning message “The password does not meet the minimum password complexity requirements. Please check the help for “Set Power-On Password” or “Set Administrator Password” settings.”

  • When the system is in the lock state, it should show the warning message “The system is locked due to the “maximum number of login failures” being exceeded. System will be unlocked in Y minutes.” on screen to notify users that the system is locked and how long it will remain locked. The “Y” value depends on the Lockout period after maximum login failures setting.

  • If users try to set a password that is the same as an old password within the reuse cycle, the system should display “The password failed to meet the “Minimum password reuse cycle” requirements.” where x is the Minimum password reuse cycle.

A system reset, DC cycle, or AC cycle should not release the system from a lockout state. The system is released from the lockout state only when the end of the lockout time is reached.

UEFI stores a timestamp variable when the system needs to be locked and, if the variable exists at boot, compares it with the current timestamp.
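The lockout behaviour described above (failure counter, lockout period, a stored timestamp checked again at boot), modelled in C as an added example; it is not the firmware's code. The struct and function names are hypothetical, and two behaviours are assumptions the page does not state: a clock reading earlier than the stored timestamp counts as zero elapsed time, and the failure counter restarts when the lockout ends.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names; value ranges are the ones in Table 1 (0 disables locking). */
struct policy { uint32_t max_failures; uint32_t lockout_minutes; };

/* Stand-in for state kept in non-volatile storage, so resets and power cycles keep it. */
struct state { uint32_t failures; bool locked; uint64_t locked_at; /* seconds */ };

enum result { LOGIN_OK, LOGIN_BAD_PASSWORD, LOGIN_LOCKED };

/* Minutes left in the lockout at time `now` (seconds); 0 means not locked. */
uint32_t minutes_left(const struct policy *p, struct state *s, uint64_t now)
{
    if (!s->locked) return 0;
    uint64_t period = (uint64_t)p->lockout_minutes * 60;
    /* Assumption: a clock reading earlier than the stored timestamp counts as
       zero elapsed time, so setting the clock back never shortens a lockout. */
    uint64_t elapsed = now > s->locked_at ? now - s->locked_at : 0;
    if (elapsed >= period) {
        s->locked = false;   /* end of lockout time reached: release */
        s->failures = 0;     /* assumption: counter restarts after release */
        return 0;
    }
    return (uint32_t)((period - elapsed + 59) / 60);  /* rounded up for "Y minutes" */
}

enum result login_attempt(const struct policy *p, struct state *s,
                          bool password_ok, uint64_t now)
{
    /* Checked first: a valid password does not unlock during the lockout period. */
    if (minutes_left(p, s, now) > 0) return LOGIN_LOCKED;
    if (password_ok) { s->failures = 0; return LOGIN_OK; }
    s->failures++;
    if (p->max_failures && p->lockout_minutes && s->failures >= p->max_failures) {
        s->locked = true;
        s->locked_at = now;  /* the timestamp that must survive a reboot */
        return LOGIN_LOCKED;
    }
    return LOGIN_BAD_PASSWORD;
}

int main(void)
{
    struct policy p = { 3, 30 };       /* constructed sample policy */
    struct state s = { 0, false, 0 };
    for (int i = 0; i < 3; i++) login_attempt(&p, &s, false, 1000);
    /* "Reboot" 10 minutes later: the persisted state still rejects a valid password. */
    return login_attempt(&p, &s, true, 1600) == LOGIN_LOCKED ? 0 : 1;
}
```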

Changing the password rule and policy settings through ASU will not be supported in GA.