Password Policy

A password policy is a set of rules designed to enhance security by encouraging users to employ strong passwords. Another possible defense against password-guessing attacks is enabling an account-lockout, which means the account will be locked after a specified number of invalid or failed login attempts.

To configure a password policy in OpManager, go to Settings -> Basic Settings -> User Management -> Password Policy.

Minimum password length: Specify the minimum number of characters required in a password. It should be within 5-25 characters.

Enforce password history: Number of unique passwords that must be associated with a user account before re-using an old password.

Password complexity: Level of complexity to be associated with a password.

Simple
1. Minimum characters as specified above
2. Maximum 25 characters

Complex 
1. Minimum characters as specified above
2. Maximum 25 characters
3. Minimum 1 uppercase, 1 lowercase and 1 special character (! ~ @ # $ % ^ & + = _ *).

Password should not be same as username: Enable this to option to prevent duplication of a username in the password. 

User Account Lockout Policy: The User Account Lockout setting allows the administrator to lockout accounts after a specified number of invalid login attempts. A locked out account cannot be used until reset by an administrator or until the account lockout duration has expired. For instance, if invalid credentials have been provided for over 5 times, the account will be locked out for 2 mins. This lockout interval and the number of bad login attempts can be configured.

Maximum invalid login attempts: Specify the maximum invalid login attempts before an account gets locked out.

Lockout period: Specify the lockout duration in minutes.