Authentication

To change the password policies, select Authentication from the left-hand menu. The Password Policy menu will appear.
  • Policy Type:
    Lists the types of password policies.
  • Policy Value:
    Enter the value you wish the password policy to have.
  • Actions:
    Use this column to delete password policies from your configuration.
  • Add Policy:
    Select the password policies you would like to implement for your applications from the drop-down list in the upper right corner of the Password Policy list. The password policies that are available are:
    • Expire Password:
      How many days until your password will expire.
    • Hashing Iterations:
      This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000. Iterated hashing protects passwords in the rare case that an attacker gets access to your password database: with the database in hand, the attacker can try to recover user passwords by guessing offline, and each extra iteration makes every guess more expensive. The industry-recommended value for this parameter changes every year as CPU power improves. A higher hashing iteration value takes more CPU power for hashing and can impact performance. You will have to weigh which is more important to you: performance or protecting your password stores. There may be more cost-effective ways of protecting your password stores.
    • Special Characters:
      The number of special characters, such as '?!#%$', required to be in the password string.
    • Uppercase Characters:
      The number of uppercase letters required to be in the password string.
    • Lowercase Characters:
      The number of lowercase letters required to be in the password string.
    • Minimum Length:
      The minimum number of characters that the password must have.
    • Not Username:
      The password cannot be the same as the username.
    • Hashing Algorithm:
      Passwords are not stored as clear text. Instead they are hashed using standard hashing algorithms before they are stored or validated. The only built-in and default algorithm available is PBKDF2. See the Server Developer Guide on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until the next time the user logs in.
    • Not Recently Used:
      This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password, they cannot reuse any of the stored passwords.
    • Password Blacklist:
      This policy checks if a given password is contained in a blacklist file, which is potentially a very large file.
    • Regular Expression:
      Define one or more Perl regular expression patterns that passwords must match.
    • Digits:
      The number of digits required to be in the password string.
Click [Save] to update the password policies that you have configured or deleted.
Click [Cancel] to discard any changes made.
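
How the Hashing Iterations and Hashing Algorithm policies above interact at login, as an added example (not the product's own code): PBKDF2 with the iteration count stored beside each hash, and a re-hash on the next successful login after the policy value changes. The HMAC-SHA256 digest, the record layout, the function names and the raised value of 50,000 are assumptions for illustration.

```python
import hashlib
import hmac
import os

POLICY_ITERATIONS = 20_000  # the page's stated default for Hashing Iterations
DIGEST = "sha256"           # assumption: the page names PBKDF2 but not the HMAC digest


def hash_password(password, iterations=POLICY_ITERATIONS):
    """Create a stored credential record with a fresh random salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(DIGEST, password.encode(), salt, iterations)
    # The iteration count is stored with the hash so old records stay verifiable.
    return {"iterations": iterations, "salt": salt, "hash": derived}


def verify_and_upgrade(password, record, policy_iterations=POLICY_ITERATIONS):
    """Return (ok, record). On a successful login the record is re-hashed
    if it was created under a different iteration policy."""
    candidate = hashlib.pbkdf2_hmac(
        DIGEST, password.encode(), record["salt"], record["iterations"]
    )
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record  # wrong password: stored record is left untouched
    if record["iterations"] != policy_iterations:
        # The clear-text password is only available now, at login, which is
        # why a policy change cannot re-hash the whole store in one pass.
        record = hash_password(password, policy_iterations)
    return True, record


def demo():
    # Constructed sample: a credential created under the old policy value.
    old = hash_password("correct horse battery staple", iterations=20_000)
    raised_policy = 50_000  # hypothetical new Hashing Iterations value
    failed, after_fail = verify_and_upgrade("wrong guess", old, raised_policy)
    ok, after_ok = verify_and_upgrade("correct horse battery staple", old, raised_policy)
    return failed, after_fail["iterations"], ok, after_ok["iterations"]


if __name__ == "__main__":
    print(demo())
```

Accounts that never log in again keep their hashes at the old iteration count, so the effective strength of the store after a policy change depends on how many users have signed in since.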