40.6 Securing User Passwords

You can require that user passwords to the Vibe site meet certain criteria by enabling password complexity checking. Only locally created users and external users are affected by this setting; users whose accounts are synchronized to Vibe via LDAP are not affected.

Users’ existing passwords are not forced to comply with the password policy; only when a user changes his or her password is the password policy put into effect.

When you enable password complexity checking in Vibe, Vibe requires that passwords:

  • Are at least 8 characters in length

  • Do not contain the user’s first name, last name, or user ID (these restrictions are not case-sensitive)

  • Contain at least 3 of the following:

    • A lower-case character

    • An upper-case character

    • A number

    • One of the following symbols: ~ @ # $ % ^ & * ( ) - + { } [ ] | \ ? / , . < >

To enable password policy checking on the Vibe site:

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the admin link in the upper-right corner of the page, then click the Administration Console icon .

  3. Under System, click Password Policy.

  4. Select Enable Password Complexity Checking for Local and External Users, then click OK.