Password policy
Use this page to control a user's password selection in order to define the characteristics of the password to ensure that it complies with the security policy for your site. It lists all existing password policies including any predefined ones supplied with WebSphere Commerce by default.
This feature defines attributes with which the password must comply. The password policy enforces the following conditions:
- Whether the user ID and password can match.
- Maximum occurrence of consecutive characters.
- Maximum instances of any character.
- Maximum lifetime of the passwords.
- Minimum number of alphabetic characters.
- Minimum number of numeric characters.
- Minimum length of password.
- Whether the user's previous password can be reused.
While on this page:
- You can create a new policy by clicking New.
- You can change the characteristics an existing policy by selecting the policy in the list and clicking Change.
- You can delete an existing policy by selecting the policy in the list and clicking Delete.
When Creating a password policy, you must complete the following fields or update them from the default value if required:
- Name
- The name for your password policy.
- Can the user ID and password match?
- Defines whether the user ID and password can be identical or not. Select either Yes or No from the list.
- Maximum consecutive character types.
- Defines the maximum occurrence of consecutive characters in a password. The minimum value is 2
consecutive characters. For example, with a value of 2, a user cannot enter a password such as
aaabc. - Maximum instances of any character.
- Defines the maximum number of times the same character can appear in a password. The minimum
value is 1 instance of a character. For example, with a value of 2, a user cannot enter a password
such as
abcaabc. - Maximum lifetime of the passwords.
- Defines the maximum amount of time, in days, that a password can exist. The minimum value is 1 day. After this time period, a user is prompted to change their password.
- Minimum number of alphabetic characters.
- Defines the minimum number of alphabetic characters that need to be in a password. The minimum value is 0 alphabetic characters.
- Minimum number of numeric characters.
- Defines the minimum number of numeric characters that need to be in a password. The minimum value is 0 numeric characters.
- Minimum length of password.
- Defines the smallest length of a password, in characters. The minimum value is 1 character.
- Can the password be reused?
- Defines whether a user's previous password can be reused. Select either Yes or No from the list.
To complete the creation of a new password policy, click OK.
Notes:
- You cannot delete a password policy if it is in use (that is, a user is assigned to the password policy).
- Password policies are enforced only if users are authenticated against the HCL Commerce database.