Password Policy

See Also

• Serial Numbers
• Users
• Groups
• Email Server
• Encrypt/Decrypt
• Blowfish User Keys
• Repositories

The Password Policy window allows you to set the password security policy for SourceAnywhere.

Window Items

Enable password policy

Sets password security. If you don't need high security, just uncheck this box and the following settings are all disabled.

Minimum password length

Determines the least number of characters that a password for a user account may contain. Long passwords--seven or more characters--are usually stronger than short ones.

Combining this setting with Password must meet complexity requirements can make the password very difficult for an attacker to guess.

Enforce password history

With this setting, users cannot use the same password as the old when their password expires.

This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.  This policy enables administrators to enhance security by ensuring that old passwords are not reused continually.

For example, your old passwords are Mary, Mike, Mila in turn, if the password history keep count is 2, your new password could not be Mike or Mila.

Password must meet complexity requirements

Sets password complexity required. Password complexity indicates the value of a password should contain characters from three of the following four categories:

• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphabetic characters (for example, !, $, #, %)

For example, the following values are legal:

Michael123
$Money$
1860@football

Combining this setting with Minimum password length can make the password very difficult for an attacker to guess.

Password never expire

Enables no time limit for password to be used. If unchecked, please specify Maximum password age.

Maximum password age

Determines the period of time (in days) that a password can be used before the system requires the user to change it.

With this setting, if an attacker cracks a password, he only has access to the network until the password expires. Also, since the password is forced to keep changing, it is difficult for attackers to crack.

Lock out user after

Disables a user account if an incorrect password is entered a number of times specified in the unsuccessful login attempts box. If selected, please specify User lock out duration.

This setting helps you to prevent attackers from guessing users' passwords, and it decreases the likelihood of successful attacks on your network

User lock out duration

Determines the period of time (unit: minute) that user status will be locked. Over the specified period, the user account will be unlocked.