Password Security
You use the Password Security feature to define a password policy. For example, you can define the minimum and maximum length for passwords or set how soon to lock out a user after their password has been inactive. The Password Security
screen provides options
to set these parameters.
Structure
|
Screen Element |
Description |
|---|---|
|
|
Allows you to select whether the password should consist of only alpha characters, only numeric characters, or a combination of both. |
|
|
Sets the minimum password length for the password. The PCI (Payment Card Industry) security standard for minimum length is 7, but 8 is recommended. |
|
|
Sets the maximum password length for the password. This must be larger than the minimum length. |
|
|
Sets the time frame during which a password is valid. When this time expires, the user must set a new password. The minimum number of days required for this option is 1. There is no restriction on the maximum number of days. The PCI security standard requires that passwords be changed at least every 90 days. |
|
|
Sets the number of password change cycles the user must pass before they can recycle a previously used password. The PCI security standard is 4 times. |
|
|
Sets the number of times users can attempt to enter their password if they make a mistake. When the users exceed this number of attempts, they are locked out of the system and required to reset or change their password. The minimum number of attempts required for this option is 1. There is no restriction on the maximum number of attempts. The PCI security standard is 6 attempts. |
|
|
Sets the number of inactive days after which users are locked out. When they exceed this number of days, users are required to reset or change the password. The minimum number of days required for this option is 1. There is no restriction on the maximum number of days. The PCI security standard is 30 days. |