Password policies help you define the characteristics of passwords of various strengths, which can then be used to enforce strong passwords on resources. Apart from the default policies, you can create your own based on your requirements. The built-in password generator can generate passwords that comply with the defined policies.
The Password Generator randomly generates passwords based on the rules set by the administrator, for example, minimum number of characters, alphanumeric characters, mixed case, special characters, etc. Every password input field in PMP has the password generator alongside it, and the policy that is set as the system default will be used to generate passwords, unless directed otherwise.
Password policy for PMP can be centrally managed from the "Admin" tab:
- Go to Admin >> Customize >> Password Policies.
- By default, there are four pre-defined policies in PMP, which are Low, Medium, Strong, and Offline Password File.
- The Low, Medium, and Strong policies each represent a different level of constraints and complexity requirements for passwords. These three policies cannot be edited at any time by any user/administrator in PMP.
- The Offline Password File policy comprises the strictest constraints among all pre-defined policies, and is specifically designed for use during offline access to passwords. For instance, whenever users export passwords from PMP to an encrypted HTML file, they will be automatically prompted to enter a pass-phrase, which will be used as the encryption key for the export. The Offline Password File policy can be used as the default policy in such circumstances to require users to set stronger pass-phrases. This policy can neither be edited nor deleted.
- You can set any one of the above policies as the default policy for PMP, i.e. when any user tries to change the password of any resource/account, the default policy will be automatically enforced and the user will be forced to enter a password that meets the policy requirements. To set a policy as the default, click the Set as Default tick icon shown against the policy.
You can also create your own password policy based on your requirements. To create a password policy:
- Click "Add Policy"
- In the form that pops up, provide a name for your policy, enter a description, specify the minimum and maximum password lengths, specify whether mixed case and special characters are to be enforced and how many such special characters, specify whether the password has to start with an alphabet, whether the login name can be used as the password, how many old passwords are to be kept in archives, and the Password Age, i.e. the time limit (in days) up to which the password is valid. After the validity period, the password will expire.
- Click "Save"
Note: At any point in time, the password policy set as default for PMP, whether pre-defined or custom-built, can neither be edited nor deleted. In order to edit a custom policy which is currently set as default, another policy must first be set as default.
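The custom policy fields listed above map naturally onto a compliance check and a generator. The following is an added example, not PMP's own code: the `Policy` field names, their default values and the `SPECIALS` character set are assumptions chosen for illustration, and the Password Age (expiry) setting is not modelled.

```python
import secrets
import string
from dataclasses import dataclass

SPECIALS = "!@#$%^&*()-_=+[]{}"  # assumed special-character set

@dataclass
class Policy:  # hypothetical names mirroring the "Add Policy" form fields
    min_length: int = 12
    max_length: int = 24
    mixed_case: bool = True
    min_special: int = 2
    start_with_alphabet: bool = True
    allow_login_name: bool = False
    history_size: int = 5  # number of old passwords that may not be reused

def violations(pw, login, policy, history=()):
    """Return the names of the policy rules that pw breaks (empty list = compliant)."""
    broken = []
    if not policy.min_length <= len(pw) <= policy.max_length:
        broken.append("length")
    if policy.mixed_case and not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        broken.append("mixed_case")
    if sum(c in SPECIALS for c in pw) < policy.min_special:
        broken.append("special")
    if policy.start_with_alphabet and not pw[:1].isalpha():
        broken.append("start_with_alphabet")
    if not policy.allow_login_name and pw.lower() == login.lower():
        broken.append("login_name")
    # history is oldest-first; a real store would compare against password hashes.
    recent = list(history)[-policy.history_size:] if policy.history_size else []
    if pw in recent:
        broken.append("history")
    return broken

def generate(policy, login="", history=(), max_attempts=10000):
    """Draw candidates from a CSPRNG and keep the first one that passes the policy."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    for _ in range(max_attempts):
        pw = "".join(secrets.choice(alphabet) for _ in range(policy.max_length))
        if not violations(pw, login, policy, history):
            return pw
    raise ValueError("policy cannot be satisfied")
```

Rejection sampling keeps every compliant password equally likely, which patching a failed candidate character by character would not.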
- How does a Password Policy get enforced in PMP?
This question naturally arises when you are in the process of adding a resource. The following example provides the answer: if your intention is to have accounts with strong passwords, other users with admin privileges should not be able to disturb this intention while changing the password. So, this step is crucial. If you want to enforce the policy at the time of resource addition itself, see "General Optional Settings" for details.
Applying Password Policies to Resources in Bulk
You can apply any password policy to many resources in one go.
- Go to "Resources" tab
- Select the resources for which you wish to apply the same password policy
- Click the link "Set Password Policy" from "More Options" listing
In the UI that opens up,
- Select the required policy from the drop-down
- Click "Save"
Once you do this, the chosen password policy will be applied to all the selected resources in bulk. If any of the chosen resources were already associated with a password policy, this action will simply overwrite the previous policy.