Password policy
A password policy is applied to all user accounts that are created and managed directly in Lyve Cloud. The following are the considerations for password policy.
Note
The password policy is not applicable for federated users.
The following password policy options are defined and must be fulfilled.
Property | Requirements |
---|---|
Characters allowed | A – Z, a - z, 0 – 9, (!, @, #, $, %, ^, &;, *) |
Number of characters | between 8 - 128 characters |
Password Type | The password must contain three of the following four character types:
|
Password restrictions |
|
Password change history
This prevents users from recycling old passwords; the last five passwords can't be used again when the user changes a password. The password change history determines the number of unique new passwords associated with a user account before an old password can be reused.
Password expiration
The password expiration policy determines the period of time (in days) that a password can be used before it requires the user to change it. The password will expire 180 days from the date when the password is updated. The password expiration date is updated to 180 days once the user changes the password.
Example: The password that is changed on 1 January 2022 will be set to expire on 30 June 2022.
Users will receive two email notifications, the first one before seven days, and another one before three days to reset the password. This email includes a link to change the password.
Restricting password
The password policy does not allow users to use the most commonly used passwords. The following restrictions include:
Commonly used password
See the restricted list to view the list of passwords that are not allowed.
Personal data
It prohibits users from setting passwords that contain any of their personal data.
For example: name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, first part of the user's email (firstpart@example.com)
If the user's name is John, the user would not be allowed to include John in their password. For example, John1234 will not be allowed.