Docs
Security
User password

User password

This topic introduces configuration parameters for user password security.

1.

In the right area of the top navigation bar, click .

image
2.

In the left menu, click Security.

3.

On the right page, click User password tab.

Basic

User password expiration (day)

The user password expiration period is calculated from the last password update. If the user does not change their password within this period, the password will expire, and the user will be unable to log in.

Within 5 days before the password expires, the system will automatically send a daily email reminder to prompt the user to update their password.

Recent password count

Administrators can configure that when users reset their passwords, the new password must not be the same as any of their recently used passwords.

User expired tokens record keep day

The system runs a scheduled task daily to delete expired connection tokens. Administrators can configure the number of days to retain them.

In "Profile Settings > Connection tokens", you can view and manage the connection tokens that are generated when connecting to assets.

Password rules

Leak password

Administrators can maintain a weak password set here.

The weak password set currently serves two purposes:

  1. During asset account risk detection, any account whose password is included in the weak password set will be flagged as having a weak password.
  2. When users reset their passwords, they are not allowed to use any password that is part of the weak password set.

Password complexity

Password complexity applies only to user passwords and does not include asset account passwords.

Minimum length (User)

Administrators can set a minimum password length for users.

Minimum length (Admin)

Administrators can set a minimum password length for administrators.

Uppercase

Administrators can configure whether user and administrator passwords must contain uppercase letters.

Lowercase

Administrators can configure whether user and administrator passwords must contain lowercase letters.

Digits

Administrators can configure whether user and administrator passwords must contain digits.

Special characters

Administrators can configure whether user and administrator passwords must contain special characters.

Login restrictionAsset session