Updated on 2022-02-21 GMT+08:00

Setting the Password Policy

Prerequisites

You have logged in to the NetEco as a security administrator.

Context

  • If you disable the password complexity policy items and the item of forcibly changing passwords after they expire, user security is reduced. You are advised to enable all password policies provided by the system.
  • If the settings of the same policies in the personal policy of a user and the password policy are different, the settings in the personal policy take effect for the user.
  • Periodically changing passwords can improve user information security and prevent accounts from being stolen. Exercise caution when disabling the function of periodically changing passwords and modifying a password change period.
  • A new password policy does not affect the existing passwords.

Procedure

  1. Choose System > System Management > User Policies from the main menu.
  2. In the navigation pane, choose Password Policy.
  3. On the Password Policy page, set the password policy. Some of the policy parameters are described in Table 1.

    Table 1 Parameter description

    Parameter

    Description

    Force logout upon password reset

    When a user password is reset, all online sessions of that user are logged out.

    Password cannot be an increasing, decreasing, or interval sequence of digits or letters

    When a user password is set, it must meet the following requirements:
    • The password cannot consist of digits or letters in ascending or descending sequence.

      For example, the password cannot be abcdef, fedcba, 123456, or 654321.

    • The password cannot contain an ascending or descending arithmetic sequence of digits or letters in its consecutive odd-numbered or even-numbered character positions.

      For example, the password cannot be 1a2a3a, 5a3a1a, a2b2c2, or 2e2c2a.

    Password cannot contain words in password dictionary

    When you create a user and set the password, the password cannot contain words in the password dictionary.

    • No default password dictionary is provided. You can customize a password dictionary. For example, abcd1234 is a weak password and if it is added to the password dictionary, abcd1234 cannot be used as a user password.
    • In a password dictionary file, passwords are separated by line feeds. In the dictionary, a password that contains more than 128 characters is invalid.
    NOTE:

    To update the password dictionary, perform the following steps:

    1. Click Download Password Dictionary to download the existing password dictionary and modify it as required.
    2. Click and select the modified password dictionary.
    3. Click Upload to update the password dictionary.

    Convert strings in password based on conversion rules (refer to help documentation to configure the rules)

    NOTE:

    This parameter is displayed only when Password cannot contain words in password dictionary is selected.

    If a password contains a character string defined in the string conversion rules, the character string is converted into other characters based on certain rules. The converted password must meet complexity requirements.

    The string conversion rules define how a character or string is converted into an uppercase or lowercase letter. For example, if the string conversion rules contain a rule that converts the string |-|1234 a into x, the password dictionary contains xbcd!123, and this policy is enabled, then |-|1234 abcd!123 cannot be used as a user password.

    NOTE:
    • For details about how to configure the string conversion rules, see "Configuring the String Conversion Rules of User Management".
    • Strings refer to character strings consisting of dangerous characters, invisible characters, and characters that may cause SQL injection.

  4. Click Apply.
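
The sequence, dictionary, and string conversion checks from Table 1 can be modelled offline to pre-screen a candidate dictionary or rule set before uploading it. The following Python sketch is an added example, not NetEco code. Assumptions: all function names are hypothetical, a run needs at least three characters, sequences are matched over the whole password, and dictionary words are matched as substrings of both the raw and the converted password.

```python
# Added illustration; not NetEco code. Matching details are assumptions.
MAX_ENTRY_LEN = 128  # per the page: longer dictionary entries are invalid
MIN_RUN = 3          # assumption: shortest run treated as a sequence

def load_dictionary(text):
    """Parse a line-feed separated dictionary, dropping invalid entries."""
    entries = (line.strip() for line in text.split("\n"))
    return {e for e in entries if e and len(e) <= MAX_ENTRY_LEN}

def _is_arithmetic(chars, steps=None):
    """True if chars are all digits or all letters with one constant non-zero step."""
    if len(chars) < MIN_RUN or not chars.isascii() or not (chars.isdigit() or chars.isalpha()):
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(chars, chars[1:])}
    return len(diffs) == 1 and 0 not in diffs and (steps is None or diffs <= steps)

def is_sequence(password):
    """Whole password is a +1/-1 run, or its odd or even positions form a run."""
    if _is_arithmetic(password, steps={1, -1}):
        return True
    return _is_arithmetic(password[0::2]) or _is_arithmetic(password[1::2])

def convert(password, rules):
    """Apply string conversion rules (source string -> replacement letter)."""
    for src, dst in rules.items():
        password = password.replace(src, dst)
    return password

def check_password(password, dictionary, rules):
    """Return the list of policy items the candidate password violates."""
    violations = []
    if is_sequence(password):
        violations.append("sequence")
    candidates = {password, convert(password, rules)}
    if any(word in cand for cand in candidates for word in dictionary):
        violations.append("dictionary")
    return violations

# Constructed sample data, built from the values in the page's own examples.
DICTIONARY = load_dictionary("abcd1234\nxbcd!123\n" + "A" * 129 + "\n")
RULES = {"|-|1234 a": "x"}

if __name__ == "__main__":
    for pw in ("1a2a3a", "2e2c2a", "abcd1234", "|-|1234 abcd!123", "Tr0ub4dor&3"):
        print(repr(pw), check_password(pw, DICTIONARY, RULES))
```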