Creating a password policy in PassPort

About the password policy

In PassPort, a password policy is a set of rules and conditions for valid passwords, such as character length, case requirements and validity periods. The policy applies to all users.

By default, the PassPort password policy is very restrictive to protect production environments. In some cases, for example in test environments, it may be useful to define a more permissive password policy.

Every time you create a new user, PassPort sends an email to the email address provided for that user. This email contains the user's password. If the SMTP server address provided during PassPort installation is incorrect, the user does not receive the email containing the password and therefore cannot connect. (The SMTP server address can always be changed through the Global Settings.)

To solve this problem, or if no SMTP server is available, you can change the default policy to set a default password that replaces the randomly generated password. PassPort will still attempt to send the email and fail, but the password is known from the policy definition.

Procedure

To create a new password policy for non-production environments:

  1. In the PassPort user interface, select Access > Password policies.
  2. On the toolbar, click the New password policy icon.
  3. PassPort opens an editing screen for the new password.
  4. Complete the fields with values that correspond to your security requirements. For a temporary test environment we suggest values such as the following:

     | Field | PassPort default policy value | Suggested minimum value for tests |
     |---|---|---|
     | Format section | | |
     | Minimum password length | 8 | 1 |
     | Minimum numeric characters | 2 | 0 |
     | Minimum alpha characters | 2 | 0 |
     | Minimum different unique characters | 1 | 0 |
     | Minimum lower-case characters | 1 | 0 |
     | Minimum upper-case characters | 1 | 0 |
     | Initial password section | | |
     | Generation method | Automatic | User ID |
     | Default password | __ | PassPort01 (you cannot alter this value) |
     | Test password section | | |
     | Enter password | __ | (allows policy conformity test) |
     | Reuse section | | |
     | Times before password can be reused | 20 | 0 |
     | Days before password can be reused | 365 | 0 |
     | Minimum different unique characters | 1 | 1 |
     | Timeouts and lockouts section | | |
     | Login retries before lockout | 3 | 99 |
     | Lockout length (minutes) | 30 | 0 |
     | Validity period section | | |
     | Maximum days before passwords expire | 180 | 999 |
     | Days before expiration to warn users | 1, 2 | 1, 2 |
     | Password expiration notification time | 0:0 | 0:0 |

  5. Click Save.

Note: You do not need to delete the old policy. This new policy will be used in its place.
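Because the new policy replaces the restrictive default for all users, it is worth confirming that a test policy never ends up on a production instance. The following is an added example, not part of PassPort or its documentation: a baseline check that lists every field relaxed from the default values in the table. Holding a policy as a Python dict and the `audit` function are assumptions of this sketch; how you obtain the values from your instance is up to you.

```python
# Added example, not PassPort code. Field names and values are copied from
# the table above; representing a policy as a dict is an assumption.

# (section, field): (PassPort default, suggested test value, weaker direction)
FIELDS = {
    ("Format", "Minimum password length"): (8, 1, "lower"),
    ("Format", "Minimum numeric characters"): (2, 0, "lower"),
    ("Format", "Minimum alpha characters"): (2, 0, "lower"),
    ("Format", "Minimum different unique characters"): (1, 0, "lower"),
    ("Format", "Minimum lower-case characters"): (1, 0, "lower"),
    ("Format", "Minimum upper-case characters"): (1, 0, "lower"),
    ("Reuse", "Times before password can be reused"): (20, 0, "lower"),
    ("Reuse", "Days before password can be reused"): (365, 0, "lower"),
    ("Reuse", "Minimum different unique characters"): (1, 1, "lower"),
    ("Timeouts and lockouts", "Login retries before lockout"): (3, 99, "higher"),
    ("Timeouts and lockouts", "Lockout length (minutes)"): (30, 0, "lower"),
    ("Validity period", "Maximum days before passwords expire"): (180, 999, "higher"),
}
GENERATION = ("Initial password", "Generation method")
DEFAULT_POLICY = {**{k: v[0] for k, v in FIELDS.items()}, GENERATION: "Automatic"}
TEST_POLICY = {**{k: v[1] for k, v in FIELDS.items()}, GENERATION: "User ID"}


def audit(policy):
    """Return (section, field, default, actual) for each field weaker than default."""
    findings = []
    # A fixed or user-ID initial password is predictable, unlike "Automatic".
    if policy.get(GENERATION) != "Automatic":
        findings.append((*GENERATION, "Automatic", policy.get(GENERATION)))
    for (section, field), (default, _test, weaker) in FIELDS.items():
        value = policy.get((section, field))
        if value is None:
            # A missing value is reported rather than assumed to be safe.
            findings.append((section, field, default, None))
            continue
        relaxed = value < default if weaker == "lower" else value > default
        if relaxed:
            findings.append((section, field, default, value))
    return findings


if __name__ == "__main__":
    for section, field, default, actual in audit(TEST_POLICY):
        print(f"[{section}] {field}: default {default}, found {actual}")
```

An empty result means the policy is at least as strict as the PassPort default on every field in the table.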