Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ User Guide/ Account Security Settings/ Password Policy
Updated on 2025-11-07 GMT+08:00
View PDF
Share

Password Policy

The Password Policy tab of the Security Settings page provides the Password Composition & Reuse, Password Expiration, and Minimum Password Age settings.

Only the administrator can configure the password policy, and IAM users can only view the configurations. If an IAM user needs to modify the policy settings, the user can request the administrator to perform the modification or grant the required permissions.

You can configure the password policy to ensure that IAM users create strong passwords and rotate them periodically. In the password policy, you can define password requirements, such as minimum password length, whether to allow consecutive identical characters in a password, and whether to allow previously used passwords.

The password policy applies only to the IAM users and root user of a Huawei Cloud account. For a Huawei Cloud account that been upgraded to a HUAWEI ID, the password policy does not apply to the root user of the HUAWEI ID. For more information, see How Do I Know What Account I Am Logged In With?

Password Composition & Reuse

Figure 1 Password composition & reuse
  • Ensure that the password contains 2 to 4 of the following character types: uppercase letters, lowercase letters, digits, and special characters. By default, the password must contain at least 2 of these character types.
  • Set the minimum number of characters that a password must contain. The default value is 8 and the value range is from 8 to 32.
  • (Optional) Enable the Restrict consecutive identical characters option and set the maximum number of times that a character is allowed to be consecutively present in a password. For example, value 1 indicates that consecutive identical characters are not allowed in a password.
  • (Optional) Enable the Disallow previously used passwords option and set the number of previously used passwords that are not allowed. For example, value 3 indicates that the user cannot set the last three passwords that they have previously used when setting a new password.
  • (Optional) Enable Allow IAM users to change their passwords so that all IAM users can change their passwords on the My Credentials page of the new console. The administrator can create the following identity policy and attach it to specified IAM users to prevent them from changing their passwords. If an IAM user is permitted to change its own password and there is an existing denial policy, the Deny principle prevails. Consequently, the respective IAM user will be unable to change its own password. 
    {
	"Version": "5.0",
	"Statement": [{
		"Effect": "Deny",
		"Action": [
			"iam:users:changePasswordV5"
		]
	}]
}

Changes to the password policy will be applied next time you or your IAM users change passwords. IAM users created later will also adhere to the updated password policy.

Password Expiration

To require users need to change their passwords periodically, set a validity period for passwords. The users will be prompted to change their passwords 15 days before password expiration. Expired passwords cannot be used to log in to Huawei Cloud.

This option is disabled by default. The validity period ranges from 1 to 180 days.

This setting will be immediately applied for both your account and IAM users under your account.

After the password expires, users need to set a new password through the URL sent by email. The new password must be different from the old one.

Minimum Password Age

To prevent password loss due to frequent password changes, you can set a minimum period after which users are allowed to change their passwords.

This option is disabled by default. If you enable this option, you can set a period from 0 to 1,440 minutes.

This setting will be immediately applied for both your account and IAM users under your account.