JavaScript is disabled on your browser.

User Configuration: Security Guidelines

General security settings are defined here.

Maximum count of failed login attempts defines how often a user may attempt to log on again after a login has failed, such as following an incorrectly entered password.

Maximum password age defines how long a password is valid.

Minimum password length defines the minimum number of characters that may be entered to be used as a password. When passwords are created that fall below this number, an error message will be output.

In Allowed characters, you define which characters may be used for passwords.

In Illegal characters, you exclude those characters that may not be used in passwords.

Test with regular expression allows you to enter a regular expression that will be used to check characters which are not allowed in the password. If the expression ^([A-Za-z0-9ÄÖÜäöü]{6,40})$ is entered to the field to the right of the setting, for example, passwords would not be allowed that contained six to 40 characters, contain upper- and lowercase letters, or umlauts in upper- or lowercase.

Test for character repeats enables you to restrict the frequency with which a preset part of the password can be repeated within the password.

The setting to Decline passwords found in dictionary causes passwords that consist only of known words like "flower" or "birthday" to be declined.

The setting to Reject passwords found in history causes passwords that were already used to be declined. Additionally you can define if only the All or only the Last passwords will be rejected.

Decline letter sequences causes passwords to be declined if they contain sequences of letters in order (such as "ABC").

Decline number sequences causes passwords to be declined if they contain sequences of numbers in order (such as "123").

Forbid user name in password declines passwords that contain the user name.

Decline spaces prevents passwords from being used that contain space characters.

In the account guidelines, the Password expires setting defines that a password has an expiration date defined by the other criteria.

The setting that the User must change password at next login has the effect of requiring the user to enter a new password once the user logs in with an expired password.

You can also set for users that User can't change password.