This function allows your implementation to define a "Strong" password for users accessing the Web. Password "Strength" is defined as a measure of the effectiveness of a user's password in protecting other user's (outside of your implementation) against guessing and other attacks on gaining access to your Web. It essentially lets you define the "type" of password that your users must have to gain access to the Web.
To establish a password "guideline" for your users:
Access Company Configuration Tool / Users / Password Policy.
Click Edit.
When the Password Policy Form displays:
Minimum Password Length: Enter a numeric number to define the length of a user's password.
Minimum Number of Uppercase Characters: To further define the password, enter the minimum number of uppercase characters (e.g., J, G, H, etc.) used within the password.
Minimum Number of Lowercase Characters: Again, for further definition, enter the number of lowercase characters (e.g., j, g, h, etc.) used within the password.
Minimum Number of Numeric Characters: If you wish to allow numbers in your users' password, enter the number here.
Minimum Number of Non-Numeric Characters: Finally, if you wish to use "non-numeric" characters, enter that number here.
Maximum Number of Failed Login Attempts: When a user equals or exceeds the number of times they login and fail, the user account will be locked. Only an authorized user can manually unlock user accounts in Diamond Administration / User Setup.
Number of Minutes to Lock User Account: This is the number of minutes a user's account will remain locked. After the user's account has been locked for the configured amount of time, a successful login by the user will unlock their account.
Number of Days to Force Password Change:When the “Number of Days to Force Password” is changed from 0 to a valid value, all users get updated with a password expiration date. This date is randomly selected by adding a random number from 2 to "Number of Days to Force Password Change.” For example, if the "Number of Days to Force Password Change" was set to 30, a random number between 2 to 30 would be picked for each user, and their password expires date would be set to happen using that number. When the password expires date is initially set, all users are not expiring on the same day. Then whenever the user changes their password (manually through the Web Login or due to password expiration) the password expires date will be set according to the ""Number of Days to Force Password Change.”
Number of Days to Warn User of Password Change: This will determine the number of days when the user will receive a prompt at login that their password is soon to expire. This prompt has the option of changing password or continue with the login.
Number of Previous Passwords Cannot Match: The number entered here determines the number of earlier passwords that cannot be used.
Number of Days in the Past the Passwords Cannot Match: This determines the number of days a user cannot use the same password.
When finished, select Save to retain your entries.
Special Note! Password policy is not enforced until existing users change their password or they create a new user account. There is a new “User must change password at next logon” check box on the User Setup: “Edit User” screen. Administrators can use this check box to force people to change their password and therefore enforce the Password Policy.