Password Policy Field Options

The fields available on the Password Policy tab are described in the table below:

Table 5-56: Password Policy Field Options

Field

Description

Allow user(s) to change password?

Allows users assigned to the security policy to change their own password. Your selection enables (Yes) or disables (No) all the options on the Password Policy tab.

# of passwords before a repeat is allowed

Checking this option means the same password cannot be used until the user has changed passwords n times, where n is the number specified by the administrator. If this field is set to 5, for example, 5 different passwords must be used before the original password can be reused. This field is normally used in conjunction with the Enforce minimum password age field.

Enforce minimum password age

Checking this option means that a user cannot change their password until the specified number of days has passed. This field is normally used in conjunction with the # of passwords before a repeat is allowed field. Together, these two fields prevent users from repeatedly changing their password in a single session until the repeat parameter is met and they are back to their current password.

Enforce maximum password age

Checking this option means that a user's password expires n days after the last change, where n is the number of days specified by the administrator. If this field is unchecked, the password never expires and the user is never prompted to change it. Checking this field also enables the Prompt user for password expiry checkbox.

Prompt user for password expiry within

Checking this option means that the user starts to receive warning messages at login when their password is about to expire. The message also asks them if they would like to change it, thus resetting the expiry counter. The warning message is shown every time the user logs in, from the day the messages start until they either change their password or it expires. This field is only available if the Enforce maximum password age field is checked.

Enforce password complexity

Checking this option enables all of the checkboxes below:

  • Passwords must not contain restricted words – check to display the Restricted Words tab (Restricted Words Options) and prevent the use of words/phrases defined there.
  • Passwords must be at least n characters in length – check to require a minimum number of characters in the password.
  • Password must contain at least 1 Upper case character (A to Z) – check to require at least one capital letter be used in the password.
  • Password must contain at least 1 lower case character (a to z) – check to require at least one lowercase letter be used in the password.
  • Password must contain at least 1 number (0 to 9) – check to require at least one number be used in the password.
  • Password must contain at least 1 non-letter (such as !,$,#) – check to require at least one special character be used in the password: ! @ # $ ^ & * ( ) _ - + = [ ] < > : ; or ~

Note: The password expiration warning message can be modified in the General Preferences (General System Parameters List).
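The interaction between the repeat count and the minimum password age described in the table can be checked with a short model. This is an added example, not the product's own code: the class, function and field names are hypothetical, the sample passwords are constructed, and the history is assumed to be stored as salted hashes.

```python
import hashlib, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SPECIALS = set("!@#$^&*()_-+=[]<>:;~")  # special characters listed in the table

@dataclass
class Policy:                 # hypothetical names mirroring the tab's fields
    history: int = 5          # "# of passwords before a repeat is allowed"
    min_age_days: int = 0     # "Enforce minimum password age" (0 = unchecked)
    min_length: int = 8
    restricted: tuple = ("password",)   # constructed restricted-word list

@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    used: list = field(default_factory=list)  # digests of past passwords, newest last
    changed_at: datetime = None

def digest(acct, pw):
    # Assumption: history keeps only a salted, slow hash of each past password.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), acct.salt, 100_000)

def complexity_errors(pw, pol):
    checks = {
        "restricted word": not any(w in pw.lower() for w in pol.restricted),
        "too short": len(pw) >= pol.min_length,
        "no upper case": any("A" <= c <= "Z" for c in pw),
        "no lower case": any("a" <= c <= "z" for c in pw),
        "no number": any("0" <= c <= "9" for c in pw),
        "no special character": any(c in SPECIALS for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]

def change_password(acct, pol, pw, now):
    if acct.changed_at and now - acct.changed_at < timedelta(days=pol.min_age_days):
        return "minimum password age not reached"
    if (errs := complexity_errors(pw, pol)):
        return "complexity: " + ", ".join(errs)
    d = digest(acct, pw)
    if pol.history and d in acct.used[-pol.history:]:
        return "password used too recently"
    acct.used.append(d)
    acct.changed_at = now
    return "ok"

def can_cycle_back(pol, original="Orig!nal-Pass1"):
    """Try to return to the original password within one session (same timestamp)."""
    acct, now = Account(), datetime(2024, 1, 1)   # constructed sample data
    change_password(acct, pol, original, now)
    for i in range(pol.history):
        change_password(acct, pol, f"Throw-Away#{i}x", now)
    return change_password(acct, pol, original, now) == "ok"
```

With the repeat count set but no minimum age, `can_cycle_back` succeeds; setting a minimum age of one day blocks every change after the first, so the cycle fails.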