Password Requirement Options
You can set the following password requirements when creating or editing a password policy.
See the table below for requirement descriptions and examples.
Requirement Title | Description | Default Value | Example Value | Valid Password | Invalid Password |
---|---|---|---|---|---|
Maximum length | The maximum number of characters allowed. | None | 12 | password | passwordpassword |
Minimum length | The minimum number of characters allowed. | 8 | 8 | password | pass |
Minimum letters | The minimum number of letters. | 1 | 2 | password, a123Z, BR650 | p12345 |
Minimum uppercase | The minimum number of uppercase letters. | 0 | 2 | PAssword, PASSWORD | password, Password |
Minimum lowercase | The minimum number of lowercase letters. | 0 | 2 | PASSWOrd, password | PASSWORD |
Minimum digits | The minimum number of digits. | 1 | 2 | password12 | password1 |
Minimum special characters | The minimum number of special characters that are not letters or digits. Note: Passwords cannot include a colon (:). | 0 | 2 (Acceptable special characters: ~!@#$%^*()/_+-`-={}\|][;?,.&><'" and spaces) | p@$sword | p@ssword, p@ssword1 |
Minimum character types | The number of categories required (uppercase, lowercase, digits, and special characters) described above. Best practice: Set each category to 1 and then set Minimum character types to be equal to the number of categories you configured. | None | 3 (Selected options: Minimum uppercase, Minimum lowercase, Minimum digits) | Password1 | password, password1 |
Maximum repeated characters | The maximum number of times a character may be repeated after the first occurrence. | All | 2 | password | passsword |
Prevent use of account attributes | If checked, this requirement prevents users from including attribute values from their account on the source in their password. | Unchecked | In Active Directory: Display name: John Smith Phone: 555-555-1234 | password | password5555551234, passwordJohn |
Prevent use of identity attributes | If checked, this requirement prevents users from including attribute values from their IdentityNow account in their password. | Unchecked | In IdentityNow: Display name: John Smith Phone: 555-555-1234 | password | password5555551234, passwordJohn |
Disallow display name fragments | If checked, this requirement prevents users from including any part of their IdentityNow display name with a length greater than the Fragment char length in their password. | Unchecked Fragment char value: All | Display name: John Smith Fragment char length: 3 | password, passwordJoh, passwordSmi | passwordJohnSmith, passwordJohn, JohnSmith, hnSm |
Disallow account ID fragments | Prevents users from including any part of their IdentityNow account ID in their password with a length greater than the Fragment char length. | Unchecked Fragment char value: All | Account ID: john.smith Fragment char length: 3 | password, passwordjoh, passwordsmi | passwordjohn, passwordn.smi |
You can further customize your password requirements by creating a password dictionary. If you select the checkbox for Prevent use of words in this site's password dictionary, users of your site won't be allowed to use words in the password dictionary.
Note
IdentityNow cannot process non-English characters as letters. If you have users who are likely to use non-English characters in their password, we recommend that you don't set a minimum letter limit for their passwords so they can set their passwords more easily.
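To try candidate passwords against a planned policy offline, the following added example (not IdentityNow's own code) reproduces the character-count, character-type, colon, and fragment rows of the table, and counts only ASCII letters as the Note describes. The policy dictionary keys and function names are hypothetical. It assumes fragment matching is case-sensitive and ignores spaces in the display name, and that a character type is met when at least one such character is present.

```python
import string

# Transcribed from the table's "Acceptable special characters" list plus space;
# "\|" there is read as an escaped pipe (assumption).
SPECIALS = set("~!@#$%^*()/_+-`={}|][;?,.&><'\" ")

def categories(pw):
    """Per-category counts. Only ASCII letters count, per the Note above."""
    upper = sum(c in string.ascii_uppercase for c in pw)
    lower = sum(c in string.ascii_lowercase for c in pw)
    return {"letters": upper + lower, "uppercase": upper, "lowercase": lower,
            "digits": sum(c in string.digits for c in pw),
            "special": sum(c in SPECIALS for c in pw)}

def has_fragment(pw, value, frag_len):
    """True if pw contains a run of `value` longer than frag_len characters."""
    value = "".join(value.split())  # assumption: spaces ignored ("hnSm" is invalid)
    n = frag_len + 1                # every longer run contains one of length n
    # Assumption: comparison is case-sensitive, as in the table's examples.
    return any(value[i:i + n] in pw for i in range(len(value) - n + 1))

def violations(pw, policy, display_name="", account_id=""):
    """Return the names of the requirements pw fails (hypothetical policy dict)."""
    counts = categories(pw)
    failed = ["no_colon"] if ":" in pw else []
    if len(pw) < policy.get("min_length", 0):
        failed.append("min_length")
    if len(pw) > policy.get("max_length", len(pw)):
        failed.append("max_length")
    for name in ("letters", "uppercase", "lowercase", "digits", "special"):
        if counts[name] < policy.get("min_" + name, 0):
            failed.append("min_" + name)
    # Assumption: a type is "met" when at least one such character is present.
    types = sum(counts[n] > 0 for n in ("uppercase", "lowercase", "digits", "special"))
    if types < policy.get("min_types", 0):
        failed.append("min_types")
    frag = policy.get("frag_len")
    if frag is not None:
        if display_name and has_fragment(pw, display_name, frag):
            failed.append("display_name_fragment")
        if account_id and has_fragment(pw, account_id, frag):
            failed.append("account_id_fragment")
    return failed
```

A password made only of non-ASCII letters fails `min_letters` here even though a user would read it as alphabetic, which is the situation the Note recommends avoiding.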