12.1 Editing the password strength policy

You can edit the password strength policy enforced by ID-Synch to include or exclude certain rules, and change values on some rules. You can also apply a Warning status to some rules, meaning that ID-Synch warns the user that the password is weak if the rule is broken, but still accepts it.

To edit the password strength policy enforced by ID-Synch:

  1. Select Password policy from the Security management menu.
  2. Use the drop-down list next to each rule to set the status of the rule, then type a value if required.
  3. Click Update.

See Password strength rules, below, for definitions of the password strength rules supplied with ID-Synch.


12.1.1 Password strength rules

Offer the user N random passwords
(Req/Warn) Display some randomly-selected passwords that the user may choose as a new password value.

Minimum length
(Req/Warn) The smallest number of characters that a legal password must have.

Maximum length
(Req/Warn) The largest number of characters that a legal password can have.

Start with a letter?
(Req/Warn) Enable to require all passwords to start with a letter. Useful for compatibility with some systems.

Minimum no. of letters
(Req/Warn) The smallest number of letters that a password must contain.

Maximum no. of lower-case letters
(Req/Warn) The largest number of lower-case letters that a legal password can contain.

Maximum no. of upper-case letters
(Req/Warn) The largest number of upper-case letters that a legal password can contain.

Require mixed case?
(Req/Warn) Enable if passwords should have both uppercase and lowercase characters.

Minimum no. of digits
(Req/Warn) The smallest number of digits that a legal password must contain.

Minimum no. of digits inside
(Req/Warn) Same as minimum digits, but not counting the first or last character of the password.

Minimum no. of punctuation marks
(Req/Warn) The smallest number of punctuation marks that a legal password must contain.

Maximum no. of punctuation marks
(Req/Warn) The largest number of punctuation marks that a legal password can contain.

Minimum no. of punctuation marks inside
(Req/Warn) Same as minimum punctuation marks, but not counting the first or last character of the password.

Mainframe compatible?
(Req/Warn) Intended for mainframe compatibility: a password can have up to 8 characters, each alphanumeric or one of @, $, #, and must start with a letter.

Maximum no. of character pairs
(Req/Warn) The maximum number of pairs of the same character appearing consecutively in new, legal password values.

Not the user name?
(Req/Warn) The user's name may not be used as the new password.

Not the user name backwards?
(Req/Warn) Same as above but with the letters in the name reversed.

Not a rearranged user name?
(Req/Warn) Same as above but with the letters in the name rearranged in any way.

User name not contained in password?
(Req/Warn) The user's name may not form part of the new password.

User name backwards not contained in password?
(Req/Warn) Same as above but with the letters in the name reversed.

Does not match the first N characters of the user name
(Req/Warn) The new password may not contain the specified number of characters that begin the user name.

No exact word match from the dictionary
(Req/Warn) A password may not exactly match a dictionary word consisting of four or more letters. For example, the passwords w1o2r3d or word123 are valid. The password word is not valid.

No words from the dictionary
(Req/Warn) The password, stripped of non-letter characters, may not match a word (consisting of four or more letters) from the dictionary. For example, the password word123 is not valid.

No words from dictionary contained within password
(Req/Warn) A password, stripped of non-letter characters, may not contain a dictionary word. For example, the password xyzword123 is not valid.

No rearranged words from the dictionary
(Req/Warn) A password, stripped of non-letter characters, may not be a dictionary word rearranged. For example, the password w1o2r3d4xyz is valid. The password rdow123 is not valid.

Require password to be approved by this plug-in
(On/Off) An external program is called, to verify that a password is acceptable.
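
The four dictionary rules above differ only in how the password is normalized before the lookup, so a password that passes one can still break another. The following sketch is an added example, not ID-Synch code: it evaluates the page's own sample passwords against each rule. The dictionary contents, the function names, case-insensitive matching and applying the four-letter minimum to all four rules are assumptions.

```python
# Constructed sample dictionary; the product's real dictionary is not on the page.
DICTIONARY = {"word", "synch", "cat"}
# The four-letter minimum is stated for the first two rules; applying it to all
# four, and comparing case-insensitively, are assumptions of this sketch.
MIN_WORD_LEN = 4
WORDS = {w.lower() for w in DICTIONARY if len(w) >= MIN_WORD_LEN}


def letters_only(password):
    """Strip non-letter characters, as the last three rules require."""
    return "".join(c for c in password.lower() if c.isalpha())


def exact_match(password):
    return password.lower() in WORDS


def stripped_match(password):
    return letters_only(password) in WORDS


def contains_word(password):
    stripped = letters_only(password)
    return any(w in stripped for w in WORDS)


def rearranged_word(password):
    # Same multiset of letters; an unchanged word also counts (assumption).
    key = sorted(letters_only(password))
    return any(key == sorted(w) for w in WORDS)


# Rule names as they appear in the list above, in the same order.
RULES = {
    "No exact word match from the dictionary": exact_match,
    "No words from the dictionary": stripped_match,
    "No words from dictionary contained within password": contains_word,
    "No rearranged words from the dictionary": rearranged_word,
}


def broken_rules(password):
    """Return the names of the dictionary rules this password breaks."""
    return [name for name, check in RULES.items() if check(password)]


if __name__ == "__main__":
    for pw in ["word", "w1o2r3d", "word123", "xyzword123", "rdow123", "w1o2r3d4xyz", "cat"]:
        print(f"{pw:12} -> {broken_rules(pw) or 'passes all four'}")
```

Note that w1o2r3d passes the exact-match rule but breaks the stripped-match rule, which is why enabling only the first rule leaves padded dictionary words acceptable.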



  ID-Synch™ is an access management solution developed by M-Tech.

The full current version of this guide, shipped with the ID-Synch software, contains detailed reference information not included in this version.