Username Password Rules

Owned by Kelli Higdon
Last updated: Apr 12, 2024 by Nathaniel Halbrooks
2 min read

 

When creating a new User or modifying an existing Users password, the rules below apply. Password must be at least 8 characters in length and contain characters from each of the following four categories:

  • Must contain at least one English uppercase character (A through Z).

  • Must contain at least one English lowercase character (a through z).

  • Must contain at least one Base 10 digit (0 through 9).

  • Must contain one non-alphanumeric character (e.g., !, $, #, %).

For user created accounts:

  • Passwords will expire after 90 days.

  • Once the password expires, the user will be blocked from logging in until the password is successfully changed.

Field Descriptions

 

Password Expiration Days

Number of days that the password will expire for user created accounts.

Once the password expires, the user will be blocked from logging in until the password is successfully changed.

Password Length

Minimum Number of days that the password will expire for user created accounts.

Nonalnum Toggle

on : Password must contain one non-alphanumeric character ( e.g. !, $,#,%)

off: non-alphanumeric character is not mandatory.

 

Uppercase Toggle

on : Password must contain one uppercase character ( A through Z).

off:  uppercase character  is not mandatory.

Uppercase Toggle

on : Password must contain one lowercase character ( a through z).

off:   lowercase  character  is not mandatory.

Numeric Toggle

on : Password must contain one numeric digit ( 0 to 9).

off:   numeric digit  is not mandatory.

Maximum attempt Limit

Works in combination with Attempt Limit reached Action when set to: Increase reattempt delay

Attempt Limit reached action

Increase reattempt delay :  the delay to be able to login again will be incremented by the default reattempt delay before max for each consecutive error.

When the maximum reattempt is reached, then the maximum re-attempt delay is applied.

For example, if the default reattempt delay before max of 10 seconds:

1st unsuccessful attempt, wait 10 seconds,

2nd unsuccessful attempt, wait 20 seconds,

3rd unsuccessful attempt, wait 30 seconds,

4th unsuccessful attempt, wait 40 seconds,

5th unsuccessful attempt, wait 1 minute ( max)

6th unsuccessful attempt, wait 1 minute ( max) ...

 

None: feature disabled.

 

Default reattempt delay before max (sec)

Works in combination with Attempt Limit reached Action when set to: Increase reattempt delay

The delay increment that will be applied for each unsuccessful login attempt to be able to login again.

Maximum reattempt delay (min)

Works in combination with Attempt Limit reached Action when set to: Increase reattempt delay

This delay will be applied to be able to login again, once the Maximum attempt Limit  is reached.

Minimum delay before password change allowed ( days)

Minimum number of day(s) before a user is allowed to change his password.

When set to 0, a user may change his password anytime. 

 

Return to Documentation Home I Return to Sangoma Support