A password policy is a set of rules designed to enhance security by encouraging users to employ strong passwords. Another possible defense against password-guessing attacks is enabling an account-lockout, which means the account will be locked after a specified number of invalid or failed login attempts.
To configure a password policy in OpManager, go to Settings -> General Settings -> User Management -> Password Policy.
Minimum password length: Specify the minimum number of characters required in a password. It should be 5-25 characters.
Enforce password history: Number of unique passwords that must be associated with a user account before re-using an old password.
1. Minimum characters as specified above.
2. Maximum 25 characters.
3. Minimum 1 uppercase, 1 lowercase and 1 special character (! ~ @ # $ % ^ & + = _ *).
Password should not be same as username: Enable this to option to prevent duplication of a username in the password.
User Account Lockout Policy: The User Account Lockout setting allows the administrator to lockout accounts after a specified number of invalid login attempts. A locked out account cannot be used until reset by an administrator or until the account lockout duration has expired. For instance, if invalid credentials have been provided for over 5 times, the account will be locked out for 2 mins. This lockout interval and the number of bad login attempts can be configured.
Maximum invalid login attempts: Specify the maximum invalid login attempts before an account gets locked out.
Lockout period: Specify the lockout duration in minutes.
User Group Details: