Password Policy
What is a Password Policy?
A password policy is a set of rules and requirements established by an organization or system to govern how users create and manage their passwords.
The purpose of a password policy is to enhance security by promoting the use of strong, unique passwords and minimizing the risk of unauthorized access.
In Cymmetri, only the admin can create a password policy bby navigating to the authentication section and then in password policy.
Upon landing the user can view a default Cymmetri password policy which cant be deleted or deactivated.
To create a new password policy, the admin clicks on the add new button on the top right corner of the page.
The user has to fill in the password policy form with the below details
Policy Name - Name of the policy
Description
Conditional attribute type - Default - User (Non modifiable)
Conditional attribute Name - Default - User Type (Non modifiable)
Conditional attribute value - ( Consultant, Employee, Vendor)
After saving the detail, a new password policy is created. The next step is to define the password policy. This is done by clicking on the edit button in front of the record.
The admin can define the composition of the password. By rejecting
Password equals Password
Password which equals to LoginID
Password which equals to first or Last Name
Blacklisted Password
The admin can also establish the following parameters
Numeric characters minimum count
Password Length
Special characters count
Password History versions
Alpha characters
Uppercase characters
Lowercase characters
Characters not allowed in the password
In the "change" subsection the admin can also define:
Password expiration days
Password expiration warning from (no of days)
Whether to change password on reset
Blacklisted Password
The administrator also has the capability to set prohibited passwords, preventing users from using those specific passwords.