Password Management
The system offers a flexible approach to assigning and managing passwords, based on the specific requirements of each environment.
Settings in Security Control (36.3.24) determine how passwords are generated, structured, and controlled. Your strategy can be as complex or as simple as required to meet requirements. You can specify:
• The minimum length of the password, including minimum numbers of numeric and non-numeric characters
• The number of days passwords are valid and whether the system begins warning users of the expiration date a given number of days in advance
• The number of days or password change cycles that must pass before a user can reuse the same password
• The manual or automatic method used to generate temporary passwords
Example: In a high-security environment, you might specify an eight-character password that must contain at least three numbers. Users must change passwords every 60 days, and are warned each time they log in within 10 days of expiration. To prevent even the system administrator from knowing individual passwords, the system is set up to automatically generate new temporary passwords and e-mail them directly to each user. Users must then create their own passwords at the first log-in using the temporary password—subject to the parameters defined in Security Control.
In case of forgotten or compromised passwords, User Maintenance (36.3.1) lets system administrators force an individual user to change the password at next log-in. User Password Force Change Utility (36.3.23.12) makes all users or members of specified groups change their passwords.