In the SecureAuth Identity Store, use a password policy to define password complexity rules and include deny lists. Deny lists can include words, fragments of words, and symbols not allowed in a user password.

You can define multiple password policies, but you associate only one password policy with each identity store instance. For example, you might have a certain password policy for the default identity store, and a different one for a secondary identity store.

If the Identity Platform has password complexity rules for applications that use a SecureAuth Identity Store, those password checks run first, before the password checks from the Identity Store password policy.

1. Open the SecureAuth Identity Store in any of the following ways:

• In the SecureAuth Identity Platform, on the left side of the page, click Identity Store.

2. In the Identity Store, on the left side of the page, click Password Policies.

3. Do one of the following:

Password Deny List: Include one or more deny lists. This allows you to include a list of words, fragments of words, and symbols not allowed in any part of a user password.

Password Expiration section

• Password Expires Days: Set how many days a password is valid. For example, a password is valid for 180 days.

• Password Warn Days: Set how many days before a password expires a notification is sent to the user. For example, set it to warn the user 10 days before their password expires. This gives them the opportunity to change their password ahead of time.

Password Complexity section

• Allowed to contain the user's account name: Move the slider to allow the username in the password. For example, John Smith uses jsmith as his username to log in. If the slider is set to ON, then jsmith is allowed as part of his password.

• Number of previous password to keep: Set how many previous passwords to remember in the Identity Store. For example, a value of 5 discourages users from reusing a previous password. This also prevents them from alternating and reusing any of their last five passwords.

• Days since last password change: Set the minimum number of days between password changes. For example, setting it to 7 means the user cannot change a password for at least seven days.

• Minimum length of password: Set the minimum password length. For example, a setting of 20 requires that a password contain at least 20 characters.

• Minimum number of letters, symbols, and number: Set the minimum number of character sets to include in the password requirements. The character sets are in the following fields: numbers, symbols, uppercase and lowercase letters. For example, if the value is set to 2, the password must contain at least one character from a defined character set below and at least one from a character set that is not defined, like p@ssword. If the value is set to 4, then it could require at least one of each character set, like p@ssW0rd. This depends on the following settings in each character set.

• Numbers (0-9): Set the minimum number of numeric characters in a password. For example, a value of 1 requires that at least one number be included in a password, like passw0rd.

• Symbols (all symbols accepted): Set the minimum number of symbol characters in a password. For example, a value of 1 requires that at least one symbol be included in a password, like p@ssword.

• English uppercase (A-Z): Set the minimum number of uppercase letters in a password. For example, a value of 1 requires that at least one uppercase letter be included in a password, like passWord.

• English lowercase (a-z): Set the minimum number of lowercase letters in a password. For example, a value of 1 requires that at least one lowercase letter be included in a password, like pASSWORD.
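
The deny list and complexity settings above, sketched as an added Python example (not SecureAuth code) that can be used to pre-check candidate passwords against a planned policy. The field names, case-insensitive matching, counting any character outside 0-9, A-Z, a-z as a symbol, and checking the per-set minimums and the character-set count independently are assumptions; the expiration, history, and minimum-age settings need stored state and are left out.

```python
import string
from dataclasses import dataclass, field

@dataclass
class PasswordPolicy:
    # Hypothetical field names that mirror the settings described above.
    deny_list: list = field(default_factory=list)
    allow_account_name: bool = False
    min_length: int = 0
    min_char_sets: int = 0   # "Minimum number of letters, symbols, and number"
    min_numbers: int = 0
    min_symbols: int = 0
    min_upper: int = 0
    min_lower: int = 0

def check_password(policy, username, password):
    """Return the list of violated rules; an empty list means the password passes."""
    failures = []
    lowered = password.lower()
    # Deny list entries are rejected in any part of the password.
    # Case-insensitive matching is an assumption of this sketch.
    for entry in policy.deny_list:
        if entry and entry.lower() in lowered:
            failures.append(f"deny list entry: {entry}")
    if not policy.allow_account_name and username and username.lower() in lowered:
        failures.append("contains account name")
    if len(password) < policy.min_length:
        failures.append(f"shorter than {policy.min_length} characters")
    counts = {
        "numbers": sum(c in string.digits for c in password),
        "uppercase": sum(c in string.ascii_uppercase for c in password),
        "lowercase": sum(c in string.ascii_lowercase for c in password),
    }
    # Assumption: anything outside 0-9, A-Z, a-z counts as a symbol.
    counts["symbols"] = len(password) - sum(counts.values())
    minimums = {"numbers": policy.min_numbers, "symbols": policy.min_symbols,
                "uppercase": policy.min_upper, "lowercase": policy.min_lower}
    # Each per-set minimum is enforced on its own ...
    for name, need in minimums.items():
        if counts[name] < need:
            failures.append(f"needs at least {need} {name}")
    # ... and the number of distinct sets present must reach min_char_sets.
    present = sum(1 for n in counts.values() if n > 0)
    if present < policy.min_char_sets:
        failures.append(f"uses {present} character sets, needs {policy.min_char_sets}")
    return failures
```
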