Password policies limit the set of acceptable passwords with the aim of maximizing password security while keeping usability at a reasonable level.
Password policy checks
IAM can check passwords for the following properties:
- Length (minimum and maximum)
- Allowed, forbidden and required sets of characters
- Minimum password age (to prevent too frequent password changes)
- How easy passwords are to guess
- Password history
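
The checks listed above, combined into one validator, as an added example that is not IAM's own code or plugin configuration. All names (`Policy`, `check`, `make_entry`), the thresholds and the small deny list are assumptions made up for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical settings, not IAM plugin properties
    min_len: int = 10
    max_len: int = 64
    required: tuple = ("abcdefghijklmnopqrstuvwxyz", "0123456789")
    forbidden: str = " \t"
    min_age_s: int = 24 * 3600   # minimum password age in seconds
    history: int = 3             # number of previous passwords to reject
    denylist: frozenset = frozenset({"password123", "qwertyuiop1"})  # constructed

def pw_hash(password, salt):
    # History is compared against salted hashes, never stored plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_entry(password):
    """Build one (salt, hash) history entry for a password."""
    salt = os.urandom(16)
    return salt, pw_hash(password, salt)

def check(policy, new_pw, old_hashes, last_change, now):
    """Return the violated checks; an empty list means the password is accepted.
    old_hashes: (salt, hash) pairs, newest first.
    last_change: epoch seconds of the last change, or None at registration."""
    errors = []
    if not policy.min_len <= len(new_pw) <= policy.max_len:
        errors.append("length")
    if any(c in policy.forbidden for c in new_pw):
        errors.append("forbidden-char")
    if not all(any(c in s for c in new_pw) for s in policy.required):
        errors.append("required-char")
    if last_change is not None and now - last_change < policy.min_age_s:
        errors.append("min-age")
    if new_pw.lower() in policy.denylist:
        errors.append("guessable")
    # Re-hash the candidate with each stored salt; compare in constant time.
    for salt, digest in old_hashes[:policy.history]:
        if hmac.compare_digest(pw_hash(new_pw, salt), digest):
            errors.append("history")
            break
    return errors
```
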
Password policy enforcement
Password policies can be enforced in the following situations:
- User self-registration
- Password change (voluntary or mandatory)
- Password-reset self-service
- Password generation
- Login: users may be forced to change their password if it no longer meets the policy.
Password policy configuration
Password policies can be configured in different ways:
- Using the Simple Password Policy plugin: allows configuring the most common password policy checks.
- Using the Customizable Password Policy plugin: allows flexible, arbitrary combinations of policy checks.
- Using the Active Directory Password Policy plugin: the password policy is enforced by an external MSAD.