FlowForce Servers uses password policies to help administrators manage the complexity of user passwords. A password policy is a set of minimum requirements that a user password must meet in order to be valid (for example, at least N characters long).
The password complexity rules that you can define within a password policy are as follows:
•The total minimum length of the password (that is, the password must be at least N characters long to be valid)
•The minimum number of letters that the password must contain
•The minimum number of digits that the password must contain
You can define as many password policies as required (provided that you have the Maintain users, roles and privilege privilege). Once you define password policies, you can assign them to FlowForce users. A user account can have one password policy at a time.
When the user requests a password change, the system checks if the new password meets the complexity requirements defined in the user's password policy. If the password does not meet the complexity requirements defined in the password policy, the password change is denied, and the system displays a relevant message.
When an administrator changes the password of a user, FlowForce Server does not enforce the password policy. Also, if the password policy changes, any existing passwords remain unaffected. In the latter case, the password policy will be enforced when users attempt to change the existing password.
By default, FlowForce Server includes an empty password policy which does not enforce any password complexity rules. FlowForce Server implicitly assigns the default password policy to any user account that does not have a custom password policy. The default password policy cannot be changed.