Password policies include the ability to control the length and complexity of passwords, password expiration and usage frequency, the method for sending newly requested passwords, word restrictions, the number of retries allowed, the lockout time for the account if the number of retries is exceeded, and email alerts for invalid passwords.
'''Multiple password policies''' can be supported by the system. This feature allows less stringent policies for types of users that access the system infrequently, such as external contacts. Alternative password policies can be set at any level of the organizational hierarchy.
'''Maximum Password Update in 24 Hours''' – sets the maximum number of password changes a user can make within a 24-hour period. This prevents users from bypassing the password history restriction by changing their password repeatedly until a previously used password is allowed again. This setting applies only to password changes made by the user through "Update Password", not to the "Forgot Password" link or to system administrators using "Set Password".
'''Password length''' – the minimum length allowed for a [[Password|password]], between '''6 and 32 characters'''.
'''Data Restrictions''' – passwords set by users can be restricted so that values such as first name, last name or organization name cannot be used in the password. Any number of fields can be selected from either the organization or the user profile; standard and custom fields are supported.
In the example above City, Country and Phone fields have been selected from the user's organization record and first name, last name, birthplace and nickname fields have been selected from the user profile.
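The following Python script is an added illustration of how the length, data restriction, history and 24-hour update settings above interact; it is not code from the product this page documents. The field names, limits, salt, PBKDF2 hashing and the three-character minimum for data-restriction matches are all assumptions chosen for the example. It also shows the edge case the 24-hour cap exists for: a user cycling through throwaway passwords to push an old one out of the history window.

```python
import hashlib
import re
from datetime import datetime, timedelta

# Constructed policy settings (illustrative values; in the product they are chosen in the admin UI)
MIN_LENGTH = 8                 # the product allows a minimum between 6 and 32
MAX_LENGTH = 32
HISTORY_DEPTH = 5              # previously used passwords that may not be reused
MAX_UPDATES_PER_24H = 3        # "Maximum Password Update in 24 Hours"
RESTRICTED_FIELDS = (          # "Data Restrictions": profile values that may not appear in a password
    "first_name", "last_name", "birthplace", "nickname",   # from the user profile
    "org_city", "org_country", "org_phone",                # from the organization record
)
SALT = b"constructed-per-user-salt"   # a real system stores a random salt per user
ITERATIONS = 50_000                   # PBKDF2 stretching count; a hypothetical setting


def _normalise(text):
    """Lower-case and drop non-alphanumerics so 'Van Dyke' and '416-555-0100' still match."""
    return re.sub(r"[^a-z0-9]", "", str(text).lower())


def hash_password(password):
    """Salted, stretched hash (PBKDF2-HMAC-SHA256) used here only to compare against history."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS).hex()


def data_restriction_violations(password, profile):
    """Return the restricted fields whose normalised value appears inside the password.
    Values shorter than three characters are ignored (an assumption, to avoid trivial matches)."""
    haystack = _normalise(password)
    hits = []
    for field in RESTRICTED_FIELDS:
        needle = _normalise(profile.get(field, ""))
        if len(needle) >= 3 and needle in haystack:
            hits.append(field)
    return hits


def validate_update(password, profile, history, change_times, now, max_updates=MAX_UPDATES_PER_24H):
    """Validate a user-initiated 'Update Password'. Returns the list of failure reasons (empty = accepted).

    history      -- hashes of previous passwords, most recent last
    change_times -- timestamps of earlier user-initiated changes
    max_updates  -- the 24-hour cap, or None to show what happens when it is not enforced
    """
    reasons = []
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        reasons.append(f"length must be {MIN_LENGTH}-{MAX_LENGTH} characters")
    hits = data_restriction_violations(password, profile)
    if hits:
        reasons.append("contains profile data: " + ", ".join(hits))
    if hash_password(password) in history[-HISTORY_DEPTH:]:
        reasons.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    if max_updates is not None:
        recent = [t for t in change_times if now - t < timedelta(hours=24)]
        if len(recent) >= max_updates:
            reasons.append(f"already changed {len(recent)} times in the last 24 hours")
    return reasons


def simulate_history_bypass(max_updates):
    """A user tries six throwaway passwords and then their old one, all within a few minutes.
    Returns [(password, accepted), ...]. Without the cap the old password slips back in once it
    has dropped out of the history window; with the cap the cycling is stopped at the third change."""
    profile = {"first_name": "Alice", "last_name": "Van Dyke", "org_city": "Toronto",
               "org_country": "Canada", "org_phone": "416-555-0100"}   # constructed profile
    start = datetime(2024, 1, 1, 9, 0)
    history = [hash_password("Original1!")]
    change_times = [start - timedelta(days=2)]      # last change was two days ago
    results = []
    candidates = [f"Throwaway{i}!" for i in range(1, 7)] + ["Original1!"]
    for minute, candidate in enumerate(candidates):
        now = start + timedelta(minutes=minute)
        reasons = validate_update(candidate, profile, history, change_times, now, max_updates)
        results.append((candidate, not reasons))
        if not reasons:                              # accepted: record it as the system would
            history.append(hash_password(candidate))
            change_times.append(now)
    return results


if __name__ == "__main__":
    for cap in (None, MAX_UPDATES_PER_24H):
        print(f"cap={cap}:", simulate_history_bypass(cap))
```

Running the script prints both simulations: with the cap disabled all seven changes are accepted and "Original1!" returns after five others have pushed it out of the history; with the cap at three, the fourth change and everything after it is refused, so the old password never becomes eligible again.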
===Password Complexity===
'''Complexity''' – the level of complexity required in the [[Password|password]], the options are:
* '''Custom Policy''' - a password policy can be custom defined.
<!-- '''Algorithm''' – the algorithm that will be used to hash the password. The options are:
* '''SHA1'''
* '''SHA256'''
If a user attempts to change the Algorithm, then as soon as they click Save they will be presented with an alert informing them that existing passwords for all users will no longer be valid if the password algorithm is changed, and giving them the opportunity to abandon the change.
[[Image:AlgorithmAlert.png|border]]
Editor's note: feature removed with the March 2014 upgrade. See ticket 23966 - new password algorithm with SHA-256 salted hash and stretching. -->
===Custom Policy===
* The '''Compose Custom Password Policy''' table lets you define a custom password policy that matches your organization's security standards: enable each character set type desired (upper case, lower case, numeric and/or symbols) and specify the minimum number of characters required for that character set type.
* The system code character mask used to enforce your selection will appear in the '''Custom Password Policy''' field. You can also write your own code and paste it into this field if desired.
* The '''Validate Pattern''' button will open a window where you can test various passwords against the policy to see if they will pass or fail.
* The value in the '''Custom Password Policy Description''' field will be displayed to users when setting or changing their password. You can use plain text or HTML in this field (for example, to insert a line break use ''<nowiki><br></nowiki>'').
<pre style="white-space: -o-pre-wrap; word-wrap: break-word;"><!--@sslogic('@langid@'='2')--><br>@system.Password Policy - French@<!--@else--><br>@system.Password Policy@<!--@end--></pre>
===Hierarchical Password Policy===