Previous Topic: Create a Password PolicyNext Topic: SAM Endpoint and Shared Account Creation


Password Composition Rules

When you create a password policy, you can define the content requirements for new passwords.

Important! When you configure password composition rules, consider the maximum password length when you set the requirements. If the total number of required characters exceeds the maximum password length then all passwords are rejected.

CA ControlMinder Enterprise Management provides the following password composition rules for privileged accounts:

Minimum password length

Defines the minimum number of characters that passwords must contain.

Maximum password length

Defines the maximum number of characters that passwords can contain.

Maximum repeating characters

Defines the maximum number of repeating characters passwords can contain.

For example, if you set this value to 3, the string “aaa” cannot appear in the password but “aa” can.

Upper case letters (u for pattern)

Specifies whether passwords can contain uppercase letters and, if so, defines the minimum number of those that passwords must contain.

Lower case letters (c for pattern)

Specifies whether passwords can contain lowercase letters and, if so, defines the minimum number of those that passwords must contain.

Letters (l for pattern)

Specifies whether passwords can contain alphabetic characters and, if so, defines the minimum number of those that passwords must contain.

Digits (d for pattern)

Specifies whether passwords can contain digits and, if so, defines the minimum number of those that passwords must contain.

Letters or digits (a for pattern)

Specifies whether passwords can contain alphanumeric characters and, if so, defines the minimum number of those that passwords must contain.

Punctuation (p for pattern)

Specifies whether passwords can contain punctuation or special (non-alphanumeric) characters and, if so, defines the minimum number of those that passwords must contain.

Any (* for pattern)

Specifies that passwords can contain any characters. If you select this option, CA ControlMinder Enterprise Management automatically selects all other character content definitions.

Use Pattern

Specifies that, instead of defining the character content definitions, you define a pattern that the password must use.

Examples:

Prohibited Characters

Defines the characters that cannot be used when creating or modifying a privileged account password.