Administration GuideManage User Accounts and PasswordsCreate a Password PolicyHow to Set Account Expiry Rules › Set the Minimum Life Span of Passwords

Previous Topic: Set Accounts with an Old Password to Expire

Next Topic: Set the Number of Grace Logins
Set the Minimum Life Span of Passwords

You can set the minimum life span of a password. This is the number of days since a password was changed until it can be changed again.

You can use this to prevent people from changing their password many times to fill up the password history.

To set the minimum life span of passwords, use the following command:

set password-min-age = number-days | 0 ;

Example: Set Password History Rules

You want to make users change their passwords at least every two weeks, and you want to prevent users from reusing any of their last 20 passwords.

However, you also want to prevent them from changing their password more than once a day to "flush" their password history.

To do this, use the following commands:

set password-policy = true;
set password-age = 14;
set password-history = 20
set password-min-age = 1;

More information:

set password-age Command

set password-history Command

set password-min-age Command