Password policies

Password policies are configured on the Password Policies tab of the “Authentication” section of the Management Console.


Configuring password policies

The following settings are available:

  • Minimum password length - the minimum number of characters in the password (at least 8 characters is recommended).

  • Password dictionary - a text file containing a list of forbidden passwords, one password per line. For large files, it is recommended to upload the file directly to the server and specify its path in the dicPath setting of the blitz.prod.local.idp.password-policy settings block in the blitz.conf file.

  • Character groups - the minimum number of character groups that must be used in the password. Each character group is configured in the character group table:

    • Valid characters - a regular expression that specifies the set of characters in the group. For example, you can extend the digit group by changing the regular expression to [0-9٠-٩], extend the letter groups with [a-zа-я] and [A-ZА-Я], or add or remove allowed special characters in [!@#$%^&*()+-?.,;:’`“{}[]><=~/\_].

    • Minimum characters - the minimum number of characters from the group that the password must contain for the group to count as used in the password.

  • Prohibit using old passwords - the number of old passwords to remember, so that a user setting a new password cannot reuse a password from the history of used passwords.

  • Minimum password lifetime - the minimum password lifetime, in seconds; until this time has elapsed, the user will not be allowed to set a new password. If this check should not be performed, the setting should be set to an empty value.

  • Maximum password lifetime - the maximum lifetime of the password, in seconds; once this time expires, the user will be prompted to set a new password. If this check should not be performed, the setting should be set to an empty value.

  • Minimum number of different characters - how many characters in the new password must differ from the previous one (applies when the user changes the current password to a new one). If this check should not be performed, the setting should be set to an empty value.
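
How the length, dictionary and character group settings combine, as an added Python example (not Blitz Identity Provider code). The policy values, the rule names and the exact-match dictionary lookup are assumptions made for illustration; in particular, a group counts as used only when the password contains at least that group's minimum number of characters.

```python
import re

# Constructed sample policy; names and values are illustrative, not Blitz settings.
POLICY = {
    "min_length": 8,
    "min_groups": 3,  # minimum number of character groups that must be used
    "groups": [       # (label, valid-characters regex, minimum characters)
        ("digits", "[0-9\u0660-\u0669]", 1),     # ASCII plus Arabic-Indic digits
        ("lowercase", "[a-zа-я]", 1),            # Latin plus Cyrillic
        ("uppercase", "[A-ZА-Я]", 1),
        ("special", "[!@#$%^&*()+?.,;:_-]", 2),  # subset of the page's set
    ],
    # Stands in for the dictionary file (one forbidden password per line).
    "dictionary": {"password1!", "qwerty123"},
}


def groups_used(password, groups):
    """Return labels of groups whose character count reaches the group's minimum."""
    used = []
    for label, pattern, minimum in groups:
        if len(re.findall(pattern, password)) >= minimum:
            used.append(label)
    return used


def check_password(password, policy=POLICY):
    """Return the list of violated rules; an empty list means the password passes."""
    errors = []
    if len(password) < policy["min_length"]:
        errors.append("too_short")
    if password in policy["dictionary"]:  # assumption: exact, case-sensitive match
        errors.append("in_dictionary")
    if len(groups_used(password, policy["groups"])) < policy["min_groups"]:
        errors.append("too_few_groups")
    return errors


if __name__ == "__main__":
    for candidate in ("Summer2024", "summer2024!", "summer2024!?", "password1!"):
        print(candidate, check_password(candidate) or "ok")
```

With this sample policy, a single special character does not bring the "special" group into play, so "summer2024!" uses only two groups and is rejected while "summer2024!?" passes.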