Password policy

Security ► Password policy

By default, NAM uses local authentication when an administrator manually creates user accounts that are validated against a password policy.

  • Password policies are applicable only to local users.
  • When you enable LDAP Authentication, you cannot create password policies.
  • Password policies can be modified only by a user with a role of System Administrator or Report Administrator.

Password policy overview

Most password policy settings are self-explanatory, but be sure to review the following points:

Password history determines the number of passwords that will be stored in the database.

  • For low-security, a value of -1 means that when a password expires, a user can enter the same password again on reset.
  • For high-security, a value of 50 means that the last 50 passwords are checked. If a user attempts to reuse one of the previous 50 passwords, the attempt is rejected.

Unsuccessful Login Attempts determines the number of times a user can attempt to sign in before being locked out.

  • For low-security, a value of -1 means that a user can try to sign in an unlimited number of times
  • For high-security, a value of 5 means that the account will be deactivated after five consecutive failed sign-in attempts.

Setting password policy

  1. Open Security ► Password policy.
  2. Review the settings and change them as needed.
    Security setting determines the overall password policy:
    • low-security
      By default, Security setting is set to low-security, which requires a six-character minimum password, but has no minimums on numbers, characters, or special characters to be used, and would have no expiration age requiring resets.
      You cannot edit low-security policy settings. They are predetermined.
    • high-security
      The high-security policy has stronger password requirements.
      You cannot edit the high-security policy settings. They are predetermined.
    • custom
      Set Security setting to custom if you want to create your own password policy.
      Selecting custom enables the other fields for editing, so you can determine your own password requirements.
  3. If you changed the Security Settings from the default low-security, click Save.