Configuring password policies

Use the Password Policies tab on the Accounts and Passwords page for the Network IPS appliance to configure password complexity, expiration dates, allowable characters, and other options for user accounts.

About this task

Navigating in the Network IPS Local Management Interface: Manage System Settings > Appliance Access > Accounts and Passwords

Notes:
  • Changes to the Password History option: If Password History is enabled and later changed to No Password History, an additional change is required to avoid access problems. In Manage System Settings > Appliance Access > Accounts and Passwords > Local Administrators, you must change the local administrator's password to a new password that has not been logged in the password history file. If you do not complete this additional step, the appliance might deny access.
  • The appliance does not apply password policies to the Root account or to remote user accounts.

Procedure

  1. Click the Password Policies tab.
  2. Configure the following options in the Password Complexity area:
    Option                      | Description
    Minimum Password Length     | Specifies the minimum number of characters for passwords.
    Alpha Characters Required   | Specifies whether passwords contain alphabetic characters.
    Numeric Characters Required | Specifies whether passwords contain numeric characters.
    High Low Case Required      | Specifies whether passwords are case-sensitive or contain both upper and lowercase characters.
  3. Configure the following options in the Password Properties area:
    Option                  | Description
    Password Expiration Age | Specifies a length of time a password works to gain access to the appliance.
    Password History        | Specifies whether the appliance retains a history of old passwords and how many the appliance logs. Users cannot reuse passwords that are retained in history.
    Lockout Attempts        | Specifies the number of login attempts a user can try before the appliance denies the user access to the appliance for using an incorrect password.
    Password Unlock Time    | Specifies whether users can attempt to log in again after the appliance denies them access, which is the Manual option. Also specifies for how long the appliance denies user access before another login attempt.
    Idle Time Logout        | Specifies whether the appliance denies a user access for being idle and specifies the length of acceptable idle time.