About Proliance Password Policy

If Custom Authentication is enabled for a particular installation of Proliance, Password Policy is bypassed and users log in with their Custom Authentication account. For more information, see "Custom Authentication" in the Developer's Library.

If Windows Authentication is enabled for a particular installation of Proliance and a Proliance user has been associated with a Windows account, the Password Policy functionality is bypassed when that user logs in with their Windows account. However, Password Policy functionality is still active for:

• All users without an associated Windows account.
• Any user with an associated Windows account who chooses to log in to Proliance directly using Proliance Forms-based authentication.

Password complexity enforces the use of special characters and numbers in passwords. If the Password Complexity setting is enabled, passwords must meet the following minimum requirements when they are changed or created:

• Not contain the user’s User Name.
• Not contain three successive characters from the user's Full Name (First Name, middle name and last name).
• Contain characters from three of the following four categories:
  • Latin uppercase characters (A through Z)
  • Latin lowercase characters (a through z)
  • Base 10 digits (0 through 9)
  • Non-alphabetic characters (for example, !, $, #,)

The minimum password length setting determines the least number of characters that a password for a user account may contain. When password complexity is enabled, the minimum password length is 6 characters and the maximum is 14. When password complexity is not enabled, the minimum password length is set to 1 and is not configurable.

The password history setting determines the number of unique new passwords that are associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords.

The password history setting allows administrators to enhance security by ensuring that old passwords are not reused continually. When a user enters a password, it must be different from a configured number of passwords used in the past for the account.

If the password history is set to zero, then the only limitation is the user cannot re-use their current password when they change their password.

The password history is only enforced when a user changes their password. The history is not enforced if an administrator resets the user’s password.

The minimum password age setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.

Configure the minimum password age to be more than 0 if you want the Password history setting to be effective. Without a minimum password age, users can easily cycle through passwords repeatedly until they get to an old favorite.

If the maximum password age is between 1 and 999 days, the Minimum password age must be at least 1 day less than the maximum password age.

The password maximum age setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire.

The time after a user’s password has expired, but before the account becomes locked is the grace period. During this period of time, the user’s password will only allow them to change their password. Once their password is changed, they can perform their normal actions in Proliance.

If the user doesn’t login and change their password in the grace period, their account will be locked and an administrator will have to unlock their account.

The grace period may be set from 0 to 999 days. A value of 0 means that as soon as the password expires for an account, it is immediately locked.

Note: Remember Me settings do not bypass change password policies. For example, if a user has a password that is expired, but has recently selected Remember Me on the login screen, the password policy would ensure that the user must renew their password the next time they log in.