Configuring security policy for user passwords
Available from 9.2.7. If your company has a security policy for user passwords, or you want to improve the application security, you can configure BigFix Inventory to require that user passwords fulfill the policy requirements.
Before you begin
- Must be at least 8 characters long
- Must contain at least one lowercase character, one uppercase character, and one digit
If you upgraded from an earlier version and a user password does not fulfill these requirements, it remains valid until the user changes it. The new password must fulfill the default requirements. Similarly, if you introduce a password policy, existing passwords that do not meet the requirements remain valid until the next time they are changed.
Procedure
- Go to .
-
Define requirements for user passwords.
- To specify the minimal length of the password, set the
user_password_min_length parameter. For
example:
user_password_min_length = 8
- To specify the maximal length of the password, set the
user_password_max_length parameter. For
example:
user_password_max_length = 16
- To set a limit on the number of the same characters that can be used in a row, set the
user_password_max_of_identical_characters_in_row parameter. For
example:
user_password_max_of_identical_characters_in_row = 3
- To specify that at least one special character must be used, provide the list of acceptable
characters in the user_password_special_characters parameter. For
example:
user_password_special_characters = ?!%&
- To specify other requirements such as the need to use at least one uppercase character,
create a regular expression that defines the requirement, and provide it in the
user_password_regular_expression parameter. For
example:
user_password_regular_expression = ^(?=.*[A-Z]).+$
Tip: To learn more about each parameter, see: Advanced server settings. - To specify the minimal length of the password, set the
user_password_min_length parameter. For
example: