Password requirements Skip Navigation

Password requirements

Passwords in
have the following requirements:
  • Passwords must be a minimum of 14 characters and include all of the following:
    • At least one upper-case letter (A through Z)
    • At least one lower-case letter (a through z)
    • At least one numeric (0 through 9)
    • At least one special character (for example, ~!@#$%^&*()_ + = ' [ ] / ? > < )
  • Passwords cannot contain personally identifiable information.
  • Passwords cannot be the same as the last ten passwords.
  • Users will be locked out for five minutes after three failed attempts to enter their password.
  • Passwords expire after 180 days.
    • If the user has a Read-Only role assigned and has a local user account, you can enable the no password expiration option. Password expiration is enabled by default.
Only Administrators can change or reset a user's password. You should generate a random password when you change or reset a user's password. Do not use a generic password because the password might be in the user's password history and therefore will be prohibited.
saves a minimum of ten generations when it comes to a user's password.
For Read-Only users who have a local user account, you can enable the option for
No password expiration for read-only accounts
when creating or editing a user. This option exempts Read-Only users from having to update their password every 180 days. LDAP and SSO user accounts do not have this option. For more information on creating a user, see Create a user.