Creating a Password Strategy
Use the Password frame to define the complexity requirements and expiration time period for user account passwords. Anytime a new password is created for an account—either manually or automatically—that password must meet the rules you set up here. Use as many or as few password parameters as required by the security guidelines set for your environment.
If you enable automatic password creation by setting Password Creation Method to Email or Display, the system uses the parameters you specify to generate new passwords.
If you choose to allow valid users to access the application based directly on operating system security, do not define any password parameters; select the Enforce OS User ID check box in the initial frame of Security Control. To default the user ID from the operating system but still require a password for the application at login, select the check box and specify password parameters as needed. See OS-Based Login Security.
Security Control, Password Frame
Minimum Length
Enter the minimum number of characters allowed for new passwords. Passwords cannot exceed 16 characters. Leave the default 0 (zero) to indicate that a blank password is allowed.
Note: Passwords are validated against structure requirements only when they are first created, rather than each time they are used. To make password structure changes apply immediately, use Force Password Change Utility (36.3.23.12) to force users to change their passwords at the next login. New passwords must meet the updated structure requirements. See Monitoring System Security.
Min Numeric Characters
Enter the minimum number of numeric characters required for new passwords. This value plus the value in Min Non-Numeric Characters cannot exceed 16 and must be the same as or less than the specified minimum length. Leave the default 0 (zero) to indicate that numeric characters are not required in the password.
Min Non-Numeric Characters
Enter the number of non-numeric characters required for new passwords. This value plus the value in Min Numeric Characters cannot exceed 16 and must be the same as or greater than the specified minimum length. Leave the default 0 (zero) to indicate that non-numeric characters are not required in the password.
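The structure rules above (Minimum Length, Min Numeric Characters, Min Non-Numeric Characters and the 16-character ceiling) and the automatic generation that honors them can be sketched as follows. This is an added example, not the product's own code; the `PasswordPolicy` class, the function names and the 12-character floor for generated passwords are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass

MAX_LENGTH = 16  # upper bound on password length stated on this page


@dataclass
class PasswordPolicy:  # hypothetical container for the Password frame fields
    min_length: int = 0
    min_numeric: int = 0
    min_non_numeric: int = 0


def structure_violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the structure rules a new password breaks (empty list = accepted)."""
    digits = sum(ch in string.digits for ch in password)
    problems = []
    if len(password) > MAX_LENGTH:
        problems.append("longer than 16 characters")
    if len(password) < policy.min_length:
        problems.append("shorter than Minimum Length")
    if digits < policy.min_numeric:
        problems.append("too few numeric characters")
    if len(password) - digits < policy.min_non_numeric:
        problems.append("too few non-numeric characters")
    return problems


def generate_temporary_password(policy: PasswordPolicy) -> str:
    """Build a random password that satisfies the policy, using the OS CSPRNG."""
    required = policy.min_numeric + policy.min_non_numeric
    if required > MAX_LENGTH or policy.min_length > MAX_LENGTH:
        raise ValueError("policy cannot be satisfied within 16 characters")
    # Assumed floor of 12 so a policy of all zeros never yields a blank password.
    length = max(policy.min_length, required, 12)
    chars = [secrets.choice(string.digits) for _ in range(policy.min_numeric)]
    chars += [secrets.choice(string.ascii_letters)
              for _ in range(policy.min_non_numeric)]
    pool = string.ascii_letters + string.digits
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide which positions were forced
    return "".join(chars)
```

Running `structure_violations` over a candidate before saving it mirrors the note above: the check happens at creation time only, so tightening the policy later does not affect passwords already stored.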
Minimum Reuse Days
Indicate the number of days a user must wait before a password can be reused. The system maintains all user passwords for historical purposes. If users define new passwords at specific time intervals, you can set this value so that the same password is not reused for a specific period of time.
Example: Enter 364 to indicate that users cannot select a password already used in the previous year.
This password check can be used independently or in conjunction with the next field, Minimum Reuse Changes. If you set both options, both rules apply. Leave the default 0 (zero) to indicate that this rule should not apply.
Minimum Reuse Changes
Indicate the number of password changes required before a password can be reused. The system maintains all user passwords for historical purposes. You can set this value so that the same password is not reused until the user has changed their password at least this many times.
Example: Enter 3 to indicate that users must change their passwords three times before they can use the same password again.
This password check can be used independently or in conjunction with Minimum Reuse Days. If you set both options, both rules apply. Leave the default 0 (zero) to indicate that this rule should not apply.
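How Minimum Reuse Days and Minimum Reuse Changes combine when both are set can be shown with a small history check. This is an added example, not the product's own code: the `HistoryEntry` record, the salted PBKDF2 storage, and the reading that "days" are counted from the date a password was replaced are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class HistoryEntry:  # hypothetical record; the history list is oldest first
    salt: bytes
    digest: bytes
    retired_on: Optional[date]  # None while this is the current password


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_entry(password: str, retired_on: Optional[date]) -> HistoryEntry:
    salt = os.urandom(16)
    return HistoryEntry(salt, _digest(password, salt), retired_on)


def reuse_allowed(candidate: str, history: list, today: date,
                  min_reuse_days: int = 0, min_reuse_changes: int = 0) -> bool:
    """True if the candidate passes every enabled reuse rule (0 disables a rule)."""
    for age, entry in enumerate(reversed(history)):  # age 0 = current password
        if not hmac.compare_digest(entry.digest, _digest(candidate, entry.salt)):
            continue
        # Minimum Reuse Changes: the match must be at least that many changes back.
        if min_reuse_changes and age < min_reuse_changes:
            return False
        # Minimum Reuse Days: the match must have been out of use long enough.
        if min_reuse_days:
            if entry.retired_on is None:
                return False
            if (today - entry.retired_on).days < min_reuse_days:
                return False
    return True
```

With both fields set, a password that is old enough in days can still be rejected for being too few changes back, and the reverse.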
Password Creation Method
Specify the method you want to implement for creating new temporary passwords. For details on password maintenance, see Updating Passwords.
• No (the default). The system administrator must define temporary passwords manually. Automatic password generation is not enabled.
• Display. A new temporary password is automatically generated and displayed on the screen in User Maintenance. The system administrator must then communicate it to the user.
• Email. A temporary password is automatically generated and e‑mailed to the address defined in User Maintenance for the user ID. This method is especially useful in high-security environments because the user is the only person who has access to the temporary password. See Setting Up E-mail Notifications.
Note: All passwords created using the specified method are temporary, single-use passwords. The user is forced to change this password at the first login.
Expiration Days
Specify the number of days users can use the same password before the system prompts them for a new one.
Once the specified number of days passes since a user’s last password change, they are prompted for a new password at the application welcome screen. When this field is 0 (zero), passwords never expire.
Note: The date of the user’s last password change displays in User Maintenance and User Password Maintenance. The date is printed in Universal Time, Coordinated (UTC). For more information on the time stamping of transactions outside domains, see QAD System Administration User Guide.
Warning Days
Enter how many days before a password expires users start being warned of the upcoming expiration date. This must be less than the value of Expiration Days.
Users are reminded of the expiration date at each subsequent login and can optionally update their passwords immediately or, depending on menu access, update them in User Password Maintenance.