Chapter 15: Advanced Administration
269
Require strong passwords for all users
1. Choose Administration > Security.
2. Click the Login Settings tab.
3. Select the Strong Passwords Required for All Users checkbox.
4. Select a Maximum Password Length. Passwords must contain fewer
than the maximum number of characters.
5. Select a Password History Depth. The number specifies how many
previous passwords are kept in the history and cannot be reused.
For example, if Password History Depth is set to 5, users cannot
reuse any of their previous five passwords.
6. Select a Password Expiration Frequency. All passwords expire after
a set number of days. After a password expires, users will be asked
to choose a new password the next time they log in.
7. Select Strong Password Requirements:
Passwords must contain at least one lowercase letter.
Passwords must contain at least one uppercase letter.
Passwords must contain at least one number.
Passwords must contain at least one special character (for
example, an exclamation point or ampersand).
8. Click Update to save your changes.
About CC-SG passwords
All passwords must meet all criteria that the administrator configures.
After configuring strong password rules, all future passwords must meet
these criteria. All existing users must change their passwords at their
next logins if the new criteria are stronger than the previous criteria.
Strong password rules apply only to user profiles stored locally.
Password rules on an authentication server must be managed by the
authentication server.
In addition, any four contiguous characters in the user name and the
password cannot match.
Strong password rules require users to observe strict guidelines when
creating passwords, which makes the passwords more difficult to guess
and, in theory, more secure. Strong passwords are not enabled in
CC-SG by default. A strong password that includes all strong password
parameters is always required for the CC Super-User.
You can use the Message of the Day feature to provide advanced notice
to users when the strong password rules will be changing and what the
new criteria are.