With each OnBase installation, two pre-defined password policies are created by default to help establish good security practices. The High Security policy is created as the recommended level of security, and the Medium Security policy is applied as the default password policy if no default password policy is defined for your system. These policies cannot be modified or deleted.
The Medium Security policy enforces the following rules:
-
Passwords must be a minimum length of 8 characters
-
No more than 2 characters can be repeated consecutively
-
Passwords expire the first time users log on
-
Accounts are locked after 5 failed attempts to log on
-
Locks on accounts with too many failed attempts to log on are released after 15 minutes
-
Accounts are locked after they are idle for 180 days
The High Security policy enforces the following rules:
-
User names cannot be embedded in passwords
-
Passwords must be a minimum length of 15 characters
-
No more than 2 characters can be repeated consecutively
-
Passwords cannot be reused within 5 password changes
-
Passwords cannot be changed more than once within 24 hours
-
Passwords expire every 180 days
-
Passwords expire the first time users log on
-
Accounts are locked after 5 failed attempts to log on
-
Administrators must manually release locks on accounts with too many failed attempts to log on
-
Accounts are locked after they are idle for 60 days