A password policy is a set of rules designed to enhance security by encouraging users to employ strong passwords. Another possible defense against password-guessing attacks is enabling an account-lockout, which means the account will be locked after a specified number of invalid or failed login attempts.
To configure a password policy in OpManager, go to Settings -> General Settings -> User Management -> Password Policy. You can configure the folllowing settings under OpManager's password policy.
- Minimum password length: Specify the minimum number of characters required in a password. It should be 5-25 characters.
- Enforce password history: Number of unique passwords that must be associated with a user account before re-using an old password.
- Password complexity:
- Minimum characters as specified above.
- Maximum 25 characters.
- Minimum 1 uppercase, 1 lowercase and 1 special character (! ~ @ # $ % ^ & + = _ *).
- Password should not be same as username: Enable this to option to prevent duplication of a username in the password.
- Forgot Password: Enable this option to have Forgot Password option in the login page.
- User Account Lockout Policy: The User Account Lockout setting allows the administrator to lockout accounts after a specified number of invalid login attempts. A locked out account cannot be used until reset by an administrator or until the account lockout duration has expired. For instance, if invalid credentials have been provided for over 5 times, the account will be locked out for 2 mins. This lockout interval and the number of bad login attempts can be configured.
- Maximum invalid login attempts: Specify the maximum invalid login attempts before an account gets locked out.
- Lockout period: Specify the lockout duration in minutes.
To know about how to authorize AD group users, click here.
Note: The password policy is applicable only to local users. We do not have any control over the AD and radius user passwords. Their password policies completely depend on the respective AD and Radius server settings.