Password and Passphrase Security › Password Controls › Specifying Passwords

Specifying Passwords

Security administrators can select from an extensive group of password control options to establish installation wide password change rules. CA Top Secret defaults to the following rules for password changes:

• The new password cannot be the same as the current password
• The new password cannot be exactly the same as any of the user’s previous passwords (up to 64)

Additionally, if the NEWPW control option is left at its default, the following rules will be in effect:

• The new password cannot be a close variant of the user’s previous password: NEWPW(TS) It is considered too similar if:
  • The first three characters are identical
  • The second three characters are identical
  • The last three characters are identical
• Passwords can not be changed more than once per day: NEWPW(MINDAYS=1) This interval does not affect:
  • SCAs and LSCAs who can change passwords as often as they want
  • Users who select the random password feature and can change their passwords as often as they want
• Passwords must be at least four characters: NEWPW(MIN=4)
• Passwords cannot contain repeating characters: NEWPW(NR=0)
• Passwords that match entries in a restricted password list are not allowed
• Passwords that match the userid or the first four characters of any word in the associated personal name field are not allowed: NEWPW(ID)

These, and additional rules can be implemented through the NEWPW control option. Refer to the Control Options Guide for a complete list.