A user account in SystemWeaver is required to have a user name and either a password or a network ID. This article describes the various password settings that are available to administrators using the swAdmin client.
- Setting a Minimum Password Length
- Limiting the Reuse of Old Passwords
- Enforcing Password Change on Schedule
- Prompting Initial Password Change
The password requirements/policy is set on the Security tab.
Setting a Minimum Password Length
Users can change their password via Options at any time. To enforce a minimum number of characters for new passwords, enter a value in Min password length. For example, if you enter the number 8, users will be required to have a minimum of 8 characters in their passwords. The system default minimum length is 4 characters.
Note that when setting a new minimum length, existing shorter passwords will not be affected until the user wants to change to a new password.
Limiting the Reuse of Old Passwords
To stop users from reusing old passwords too quickly, the Quarantine period (days) allows you to set the number of days that must pass before they can reuse one of their an old passwords. The purpose of this setting is to prevent a user from reusing their favorite password by quickly just changing a password the number of times required by the setting according to Number of passwords before reuse is allowed. You have the option of using both of these options or just one.
In Quarantine period (days), enter the number of days until reuse of an old password is allowed.
In Number of passwords before reuse is allowed, enter the number of passwords until reuse of an old password is allowed.
In the below example, users will have to wait 90 days before they can reuse an old password. In addition, they must have first set three different passwords before they can reuse an old password.
Should a user attempt to set a new password that does not meet the above requirements, they will receive the following message when they try to save the new password:
Enforcing Password Change on Schedule
Users can be forced to change their password on a regular basis. To do this, enter a value in Max password age (days) to specify the number of days after a password was created until the users will be prompted to set a new password.
On that day, users will receive the following prompt when they log in to the system:
Prompting Initial Password Change
To require users to change the initial password set when a new account is created, check the Request password change at login by default box. The purpose of this setting is to minimize possible risks caused by passwords that have been sent via email to users. It also prevents users from saving their notification emails with generated passwords since these will be become obsolete. Note that this feature is also available on the User screen.