17.4.1.1.1. Password management

Password management covers all settings related to handling passwords, such as generation, change, reset, and policies.

The settings for password management are bundled at MAIN SETTINGS > Password Settings.

The Password Settings must be referenced in Loginapp >> Password Management.

Password change

All configuration options related to changing a user password are summarized within the Password Change settings. Please refer to the plugin documentation (information icon) directly in the Config Editor.

A logged-in user can change the password by navigating to /password-change.

Note that an external password service (e.g. Active Directory) may require the user to change the password. Airlock IAM recognizes this and presents the user with a mandatory password change page during the login process.

Password policies

Password requirements such as the minimum length, required characters, and more can be enforced by Airlock IAM. To configure the policies in Airlock IAM, use one of the provided Password Policy plugins.

It is also possible to connect to an Active Directory and use its password policies directly.

Normally, password policies are only checked during a password change, but the check can also be enabled during login, which can be handy to enforce a new policy. If the password does not pass the checks, the user is forced to change it to comply with the password policy.

For how to use the individual Password Policy plugins, please refer to the plugin documentation (information icon) directly in the Config Editor.

OWASP has published a list of commonly used special characters that are present on US keyboards and therefore should be expected in passwords. Special care has to be taken with certain of these characters if the password also has to be propagated to third-party systems. In particular, quotes or spaces are a source of potential issues for some third-party systems.
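The following added example (not Airlock IAM code or configuration) shows one way to audit a policy allowlist against the OWASP special-character list and to flag quotes and spaces before a password is propagated. The function names, the sample policy, and the exact contents of the risk set are assumptions made for illustration.

```python
import string

# OWASP's password special characters: the space plus ASCII punctuation (33 total).
OWASP_SPECIAL = frozenset(" " + string.punctuation)

# Characters the text singles out as troublesome downstream: quotes and spaces.
# Assumption: adjust this set per third-party system.
PROPAGATION_RISK = frozenset({" ", "'", '"'})


def policy_gaps(allowed_special):
    """OWASP special characters that a policy's allowlist would refuse."""
    return sorted(OWASP_SPECIAL - set(allowed_special))


def review_password(password, allowed_special=OWASP_SPECIAL):
    """Return (rejected, risky) character lists for one candidate password.

    rejected: non-alphanumeric characters outside the policy allowlist
    risky:    accepted characters that need care when propagated
    """
    specials = {c for c in password if not c.isalnum()}
    rejected = sorted(specials - set(allowed_special))
    risky = sorted(specials & PROPAGATION_RISK & set(allowed_special))
    return rejected, risky


if __name__ == "__main__":
    # Constructed sample values, not real credentials or product settings.
    narrow_policy = "!@#$%"
    print("refused by narrow policy:", "".join(policy_gaps(narrow_policy)))
    for candidate in ['correct horse "battery"', "Tr0ub4dor&3", "it's~fine"]:
        print(repr(candidate), review_password(candidate))
```

A non-empty `risky` list is a prompt to test propagation of that password against each third-party system, not a reason to reject it.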