The password policy, when carefully implemented, enables businesses to minimize risks posed by unauthorized access due to password leaks. Such policy usually stipulates that the users are obliged to change their password in regular intervals and that the password must meet defined complexity requirements.

To set the required password policy in the User Manager, please follow these steps:

1. Select the user(s) whose password policy you want to set.
2. Click Password Policy button from the Main Controls. The following dialogue will pop up.

   

   Setting the password policy

3. Through the radio buttons you can choose on of the four options for intervals of password change:
   • Never

     Password Policy is disabled. Users are never explicitly obliged to change their password.

   • Second login

     Newly created users are requested to change their password on their second login to the system (default).

   • Period

     Users have to change their passwords in regular intervals. This time in days is specified in Period (in days) text box. When the password expires the users are no more able to log into the system until they change their password.

   • Second login/Period

     A combination of the previous two. The users are requested to change password on their second login to the system and then they have to change it in regular intervals.

4. Use the Enable password complexity check checkbox to enable/disable checking passwords of the selected user(s) for complexity (see the Password Complexity Check chapter for more information).

   Please also note that even if enabled here, the password complexity check will not be applied until it is set up in Global Settings.

5. Click OK to make setting effective. Note that the actual setting will take place only when you save it to the database, which is done in the next step.
6. Back in the Users dialogue, click Apply to keep changes or, when prompted to save changes on exit, click OK to confirm. The Password Policy will be then set.