Options for password requirements

Content Platform S Series Node Help

Version
4.0.0
Audience
anonymous
Part Number
MK-HCPS027-02

The options for user-account password requirements are described below.

Minimum password length
Minimum number of characters that a password must contain. Valid values are integers in the range 6 through 64. On a new S Series Node, the default is 8.
The longer the minimum password length, the stronger user account passwords are likely to be. To encourage even stronger passwords, set a minimum number of characters for each of the four character sets listed below.
Uppercase letters (A-Z)
Minimum number of uppercase letters that a password must include. Valid values are integers in the range 0 through 64. On a new S Series Node, the default is 0.
A value of 0 means that the password can, but does not have to, include any uppercase letters.
Note: The sum of the four character-set minimums cannot be greater than the minimum password length.
Lowercase letters (a-z)
Minimum number of lowercase letters that a password must include. Valid values are integers in the range 0 through 64. On a new S Series Node, the default is 0.
A value of 0 means that the password can, but does not have to, include any lowercase letters.
Numbers (0-9)
Minimum number of numbers that a password must include. Valid values are integers in the range 0 through 64. On a new S Series Node, the default is 0.
A value of 0 means that the password can, but does not have to, include any numbers.
Special characters
Minimum number of special characters that a password must include. The special characters are: `~!@#$%^&*()-_+={}[]|\:;"'<>,.?/
Valid values are integers in the range 0 through 64. On a new S Series Node, the default is 0.
A value of 0 means that the password can, but does not have to, include any special characters.
Force password change (days)
Number of days passwords are valid before they automatically expire. Valid values are 0 and integers in the range 3 through 999. On a new S Series Node, the default is 90.
A value of 0 disables this option, meaning that passwords never expire automatically.
Note: An HCP system that's configured to use storage on an S Series Node automatically changes the password for its S Series Node user account every 30 days. If you set the password expiration interval on the S Series Node to fewer than 30 days, the HCP system won't be able to access the S Series Node after the specified number of days have passed. To ensure that the HCP system doesn't lose access to the S Series Node, turn off automatic password expiration for the S Series Node user account created by HCP.
Block password re-use (previous passwords)
Number of previously used passwords for a user account that cannot be re-used when the account owner changes the password for that account. Valid values are integers in the range 1 through 99. On a new S Series Node, the default is 5.
The specified number includes the current password. For example, if the value of this option is 8, the new password cannot be the same as the current password or the last seven passwords used before the current password.
Regardless of the value of this option, the S Series Node stores the 99 most recently used passwords for each user account, or fewer if fewer passwords have been used. Therefore, if you increase the number of blocked passwords users immediately cannot re-use the new number of passwords. For example, if you increase the value of this option from 5 to 7, users who have used seven or more passwords are immediately blocked from using the seven most recently used passwords because the sixth and seventh passwords have already been stored.
All passwords, both current and previously used, are stored in an encrypted format.
Note: In releases earlier than 3.2.0, for each user account, the S Series Node stored only the current password and the password used immediately before the current password. After an upgrade to release 3.2.0 or later from a release earlier than 3.2.0, the first time the account owner changes the password for the account, only those two stored passwords cannot be re-used, regardless of the value of the block password re-use option.
Block common passwords
Whether to prevent the terms in the common-password dictionary from being used as passwords. For information about the common-password dictionary, see Common-password dictionary.
By default, on a new S Series Node, this option is disabled.
You can save security settings with this option enabled only after a common-password dictionary source file has been uploaded. If the contents of the common-password dictionary are deleted, this option is automatically disabled.
Block username in password
Whether to prevent passwords from containing or being the same as the username for the applicable user account.
The username comparison is case insensitive. For example, if the username for the account is lgreen, none of these can be the password for the account: lgreen, Lgreen, lgreEn, lgreen953, 8?lgreen!
By default, on a new S Series Node, this option is enabled.