In PassPort, a password policy is a set of rules and conditions for valid passwords, such as character length, case requirements and validity periods. The policy applies to all users.
By default, the PassPort password policy is very restrictive to protect production environments. In some cases, for example in test environments, it may be useful to define a more permissive password policy.
Every time you create a new user, PassPort sends an email to the email address provided for that user. This email communicates the password for the user. If the SMTP server address provided during PassPort installation is incorrect (the SMTP server address can always be changed through the Global Settings) then the email containing the password will not be received by the user, with the consequence that the user will not be able to connect.
To solve this problem, or If no SMTP server is available, you can change the default policy to set a default password that replaces the randomly generated password. PassPort will still attempt to send the email and fail, but the password can still be known from the policy definition.
To create a new password policy for non-production environments:
Field | PassPort default policy value | Suggested minimum value for tests |
---|---|---|
Format section | ||
Minimum password length | 8 | 1 |
Minimum numeric characters | 2 | 0 |
Minimum alpha characters | 2 | 0 |
Minimum different unique characters | 1 | 0 |
Minimum lower-case characters | 1 | 0 |
Minimum upper-case characters | 1 | 0 |
Initial password section | ||
Generation method | Automatic | User ID |
Default password | __ | PassPort01 (you cannot alter this value) |
Test password section | ||
Enter password | __ | (allows policy conformity test) |
Reuse section | ||
Times before password can be reused | 20 | 0 |
Days before password can be reused | 365 | 0 |
Minimum different unique characters | 1 | 1 |
Timeouts and lockouts section | ||
Login retries before lockout | 3 | 99 |
Lockout length ( minutes) | 30 | 0 |
Validity period section | ||
Maximum das before passwords expire | 180 | 999 |
Days before expiration to warn users | 1, 2 | 1, 2 |
Password expiration notification time | 0:0 | 0:0 |
Note: You do not need to delete the old policy. This new policy will be used in its place.