
Lyve Cloud Documentation

Password policy

A password policy is applied to all user accounts that are created and managed directly in Lyve Cloud. The following are the considerations for password policy.

Note

The password policy is not applicable for federated users.

The following password policy options are defined and must be fulfilled.

Property

Requirements

Characters allowed

A–Z, a–z, 0–9, (!, @, #, $, %, ^, &, *)

Number of characters

Between 8 and 128 characters

Password Type

The password must contain three of the following four character types:

  • A lower-case letter

  • An upper-case letter

  • A number

  • A special character (!, @, #, $, %, ^, &, *)

Password restrictions

  • Users cannot set passwords to common options like password, 123456, 12345678, 1234, qwerty, etc.

  • Users cannot set passwords that contain their personal data, such as name, username and nickname. The first part of the user's email (firstpart@example.com) is also checked.

Password change history

This prevents users from recycling old passwords; the last five passwords can't be used again when the user changes a password. The password change history determines the number of unique new passwords associated with a user account before an old password can be reused.

Password expiration

The password expiration policy determines the period of time (in days) that a password can be used before the user is required to change it. The password expires 180 days from the date when it was last updated. Each time the user changes the password, the expiration date is reset to 180 days from the date of that change.

Example: The password that is changed on 1 January 2022 will be set to expire on 30 June 2022.

Users will receive two email notifications to reset the password: the first seven days before the password expires, and the second three days before it expires. Each email includes a link to change the password.

Restricting password

The password policy does not allow users to use the most commonly used passwords. The restrictions include:

  • Commonly used password

    See the restricted list to view the list of passwords that are not allowed.

  • Personal data

    It prohibits users from setting passwords that contain any of their personal data.

    For example: name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, first part of the user's email (firstpart@example.com)

    If the user's name is John, the user would not be allowed to include John in their password. For example, John1234 will not be allowed.
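The rules above can be checked before submitting a password, as in this added example (not Lyve Cloud's own code). It assumes case-insensitive matching, a hypothetical profile dict whose keys mirror the personal-data fields listed above, and a common-password set holding only the examples named on this page; the password-history rule is not covered.

```python
import re
from datetime import date, timedelta

ALLOWED = re.compile(r"[A-Za-z0-9!@#$%^&*]*")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[!@#$%^&*]")
# Only the examples named on this page; the full restricted list is not shown here.
COMMON = {"password", "123456", "12345678", "1234", "qwerty"}
# Hypothetical profile keys, modelled on the personal-data fields the page lists.
PROFILE_KEYS = ("name", "username", "nickname", "first", "last")


def personal_tokens(profile):
    """Collect the personal-data strings a password must not contain."""
    tokens = [profile.get(k, "") for k in PROFILE_KEYS]
    tokens.append(profile.get("email", "").split("@")[0])  # first part of email
    return [t.lower() for t in tokens if t]


def check_password(password, profile):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 128:
        problems.append("length")
    if not ALLOWED.fullmatch(password):
        problems.append("charset")
    if sum(bool(re.search(c, password)) for c in CLASSES) < 3:
        problems.append("character_types")
    lowered = password.lower()  # assumption: matching ignores case
    if lowered in COMMON:
        problems.append("common_password")
    if any(t in lowered for t in personal_tokens(profile)):
        problems.append("personal_data")
    return problems


def expiry_schedule(changed_on):
    """Return (expiry date, reminder dates) for a password changed on changed_on."""
    expires = changed_on + timedelta(days=180)
    reminders = [expires - timedelta(days=d) for d in (7, 3)]
    return expires, reminders


if __name__ == "__main__":
    user = {"name": "John", "email": "firstpart@example.com"}  # constructed sample
    for candidate in ("John1234", "password", "Tr1ckyPass", "Passw0rd~x"):
        print(candidate, check_password(candidate, user))
    print(expiry_schedule(date(2022, 1, 1)))
```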