Policy Server GuidesPolicy Design GuidePassword Policies › Configure Password Restrictions

Previous Topic: Configure Regular Expression Matching

Next Topic: Configure Advanced Password Options

Configure Password Restrictions

Using password policies, you can place restrictions on password usage. The restrictions include how long a user must wait before reusing a password and how different the password must be from ones previously selected. You can also prevent users from specifying words that you determine are a security risk or contain users’ personal information.

You use the Restrictions tab in the Password Policy Properties dialog to configure password restrictions.

Note: Password restrictions are optional. Enter a value for restrictions you want to enable. If you do not want to enable a restriction, leave the field blank.

Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.

To configure password restrictions

  1. In the Password Policy Properties dialog, select the Restrictions tab.
  2. In the Reuse group box, specify requirements for reusing passwords:
    1. In the Minimum number of days before reuse field, specify the number of days a user must wait before reusing a password.
    2. In the Minimum number of passwords before reuse field, specify the number of new passwords a user must use before reusing an old one.
  3. In the Change Required group box, specify how different new passwords must be from old ones by completing the following steps:
    1. In the Percent different from last password field, specify the percentage of characters within a new password that must be different from the last password.
    2. To ignore the position of the characters in the password when determining the percentage, select the Ignore sequence when checking for differences check box.
  4. In the Match Length field in the Profile Attributes group box, specify the number of consecutive characters the password policy compares to personal information stored in user profiles.
  5. In the Dictionary group box, complete the following steps to have Password Services check passwords against a user-defined dictionary:
    1. In the Path field, specify the location of the user-defined dictionary file.
    2. In the Match Length field, specify the minimum length of words checked against the dictionary.
  6. Click Apply to save the changes or click OK to save the changes and return to the Policy Server User Interface.

More information:

Password Policy Dialog—Restrictions Tab