Password policies help you define the characteristics of passwords of various strengths, which can then be used to enforce strong passwords on resources. Apart from the default policies, you can create your own based on your requirements. The built-in password generator can generate passwords compliant to the defined policies.
Password Generator randomly generates password based on the rule set by the administrator - for example, minimum number of characters, alphanumeric characters, mixed case, special characters etc. Every password input field in PMP has the password generator along-side and the policy that is set as system default will be used to generate passwords, unless directed otherwise.
Password policy for PMP can be centrally managed from the "Admin" tab:
Go to "Admin >> Customize >> Password Policies"
By default, three policies - Low, Medium and Strong are available in PMP indicating the relative strength of the passwords. Low represents the passwords with less strict constraints, medium with a few strict conditions and strong with very strict conditions. The three default policies cannot be edited or deleted
You can set any one of the policy as the default policy -that is, when the user tries to change the password of a resource/account, the default policy would be enforced and the user would be forced to enter a password as per the policy. To set a policy as the default policy, just click the "set as default" icon present against the policy
You can create you own password policy based on your requirements. To create a password policy,
Click "Add Policy"
In the form that pops-up, provide a name for your policy, enter a description, specify the minimum and maximum password lengths, specify if mixed-cases, special characters are to be enforced and how many such special characters, specify if the password has to start with an alphabet, if login name could be used as password, how many old passwords are to kept in archives and the Password Age - i.e. the time limit (in days) up to which the password is valid. After the validity period, the password would expire and it would require reset. (The three default policies - low, medium and strong have password age values of 15, 10 and 5 days respectively)
This question naturally arises when you are in the process of adding a resource. The following example would provide the answer: If your intention is to have accounts with strong passwords, others with admin privileges should not disturb this intention while changing the password. So, this step is crucial. If you want to enforce policy at time of resource addition itself, see "General Optional Settings" for details.
You can apply any password policy to many resources in bulk at one go.
Go to "Resources" tab
Select the resources for which you wish to apply the same password policy
Click the link "Set Password Policy" from "More Options" listing
In the UI that opens up,
Select the required policy from the drop-down
Once you do this, the chosen password policy would be applied to all the selected resources in bulk. In case, any of the chosen resources were associated with a password policy already, this action would simply overwrite the previous policy.
© 2009, ZOHO Corp. All Rights Reserved.