Password Restrictions

The Password Restrictions tab enables you to determine system settings for user passwords. You can override system password settings for individual users in SBM Application Administrator.

Users with an invalid password who attempt to log in are immediately directed to the Change Password page and must provide a valid password before logging in. For example, if a user's password expires, that user must provide a new password before he or she can log in to the system.

SBM maintains a count of the invalid login attempts that occur per user ID while the server is running. However, the number of invalid log in attempts that occur over a period of time is not recorded. In other words, time does not play a role with respect to the number of invalid login attempts. If the server is restarted for any reason, the invalid login count is reset to zero for all user IDs. Also, the count for invalid login attempts for a user is reset after the next successful log in.

Internal Password Expiration Options

Configure expiration settings for user passwords. If you choose not to set a password expiration time, you can prevent users from changing their passwords.

Select one of the following options:

Internal Password Complexity Options

You can specify certain requirements for passwords, such as a minimum length, special characters, or uniqueness from a certain number of past passwords.

By default, the No minimum length option is selected. To specify a minimum number of characters for passwords, select the Minimum length of option, and then specify the minimum number of required characters in the characters field.

The first three options evaluate passwords separately from the special characters option. For example, you do not need to require users to provide special characters in their passwords to require them to include a number.

Depending on the version of SBM you are using, these options may not apply and should not be selected for best results. For example, if you are using the Japanese version, do not select the Must include an uppercase letter or Must include a lowercase letter options.

By default, the No historical validation option is selected. To require users to create unique passwords, select the Cannot match last option, and then specify the number of passwords that must be unique in the passwords field.

Related Topics

Authentication