Password policy consists of an aggregate set of rules defined at the system level and within the individual dashboards to which an end-user has explicit access.

Password Complexity

Valid passwords must be at least eight (8) characters in length and incorporate at least three out of four the following characters: uppercase, lowercase, number, and special character. Additionally, passwords may not incorporate elements of the first name, last name, email address, or the word password.

Advanced Password Policies

In addition to the password complexity rules established above some customers may opt to establish advanced password policies that include password aging and password history. If such policies are active, they are aggregated across all dashboards to which the end user has specific access and the most restrictive values are applied. For instance, if a user had access to dashboard A that had no aging policy, dashboard B that had a 90-day aging policy, and dashboard C which had a 180-day aging policy then those values would be aggregated and smallest value, in this case 90 days, would be applied and in the event that a user had gone more than 90 days without changing their password they would be prompted to do so before being able to logon again. The password history policy works in the same way to ensure that users to not repeatedly use the same passwords during the password change process only instead of aggregating and using the smallest value the largest value is used instead.

Send comments on this topic.