Configuring security policy for user passwords

Available from 9.2.7. If your company has a security policy for user passwords, or you want to improve the application security, you can configure BigFix Inventory to require that user passwords fulfill the policy requirements.

Before you begin

Starting from application update 9.2.7, user passwords must fulfill the following default requirements:
  • Must be at least 8 characters long
  • Must contain at least one lowercase character, one uppercase character, and one digit

If you upgraded from an earlier version and a user password does not fulfill these requirements, it remains valid until the user changes it. The new password must fulfill the default requirements. Similarly, if you introduce a password policy, existing passwords that do not meet the requirements remain valid until the next time they are changed.

Procedure

  1. Go to Management > Advanced Server Settings.
  2. Define requirements for user passwords.
    • To specify the minimal length of the password, set the user_password_min_length parameter. For example:
      user_password_min_length = 8
    • To specify the maximal length of the password, set the user_password_max_length parameter. For example:
      user_password_max_length = 16
    • To set a limit on the number of the same characters that can be used in a row, set the user_password_max_of_identical_characters_in_row parameter. For example:
      user_password_max_of_identical_characters_in_row = 3
    • To specify that at least one special character must be used, provide the list of acceptable characters in the user_password_special_characters parameter. For example:
      user_password_special_characters = ?!%&
    • To specify other requirements such as the need to use at least one uppercase character, create a regular expression that defines the requirement, and provide it in the user_password_regular_expression parameter. For example:
      user_password_regular_expression = ^(?=.*[A-Z]).+$
      
    Tip: To learn more about each parameter, see: Advanced server settings.