Open Site Navigation
  • Shawn McKinney

What are Password Policies?


DEFINED

A set of rules surrounding the content, quality and lifecycle of a password.

WHAT ARE THEY FOR?

Helps to safeguard the integrity of password values within a particular security domain. With moves toward Multi-Factor Authentication (MFA) and other biometric authentication measures one can make the argument that the password’s days are numbered. Nevertheless they remain in use widely today and will continue for the foreseeable future.

HOW DO THEY WORK?

Define a set of rules to be enforced during a password lifecycle event. An example of a lifecycle event is authentication, password change and password expiration. There are a few standards that govern how systems should behave in this area.

IETF PASSWORD POLICIES

Apache Fortress adheres to IETF Password Policy Draft. While this draft was never formally adopted it has traction within the various directory implementations and remains the de facto standard today.

PASSWORD POLICY ENFORCEMENT

Password enforcement options include:

  1. A configurable limit on failed authentication attempts.

  2. A counter to track the number of failed authentication attempts.

  3. A time frame in which the limit of consecutive failed authentication attempts must happen before action is taken.

  4. The action to be taken when the limit is reached. The action will either be nothing, or the account will be locked.

  5. An amount of time the account is locked (if it is to be locked) This can be indefinite.

  6. Password expiration.

  7. Expiration warning

  8. Grace authentications

  9. Password history

  10. Password minimum age

  11. Password minimum length

  12. Password Change after Reset

  13. Safe Modification of Password

  14. Password Policy for LDAP Directories

32 views0 comments

Recent Posts

See All

Jan 17, 2022 Introduction Symas OpenLDAP configured with LMDB has been extensively tested and its performance characteristics are well understood. Both OpenLDAP and LMDB’s scaling characteristics are

Please note that the certificates must be in a pem format (.pem or .crt). You will need three certificates: Root CA certificate, server certificate (with the fqdn of server in subject line or in the s

  • Symas Blog RSS Feed
  • Symas on Facebook
  • Symas on Twitter
  • Symas Blog
  • Symas on LinkedIn
  • Symas YouTube Channel

Copyright © 2022, Symas Corporation. All rights reserved. Privacy Statement (updated Sept. 9, 2021)

Phone:

Main Office: +1.650.963.7601
Fax: +1.650.390.6284

Email:

Sales: sales@symas.com
Support: support@symas.com

Office Hours:

8:00 AM - 5:00 PM ET

Office Location:

Symas Corporation
PO Box 391
Grand Junction, CO 81507 USA