Password rules configuration

The Password rules configuration screen allows you to configure rules for user passwords. The default settings for a password are that it needs to be at least six characters long, and the characters can be of any type (that is, capital letters, lower case letters, numbers, punctuation, and spaces). You can change these default settings for the password through this screen.

To access the Password rules configuration screen.

  1. Click on the System configuration icon in the top right-hand corner of the screen.

  2. Select Password rules configuration from the drop-down list.

If you change the password rules, the current users in the system will not be affected until they try and change their password.

Set user accounts to Up for review to force current users to change their password. When they try to sign in to Matrix, they will be asked to change their password according to the new password rules.

Manage password rules

This section allows you to change the rules for the user passwords.

Minimum length

The minimum allowable length for a user password. By default, this value is set to 6.

Disallow user info

Select Yes to restrict user information in a password, such as usernames, first names, and last names.

Character rules

This section allows you to set rules for specific character types. By default, there are no rules applied to any of the character types. To create a rule:

  1. Select the Active box.

  2. Click Save. Two additional fields will appear as shown in the figure below for the character type of capital letters.

    5 0 0 capital letter character type character rules section

    For each character type you can choose to restrict, the following fields will appear:

    Minimum number

    The minimum number of this type of character that must be included in the password. For example, in the figure shown above, the minimum number of capital letters is 1. In other words, the user must include at least one capital letter in their password.

    Disallow character type

    Check this box to prevent the use of these types of characters in passwords.

    Password history enforcement

    Specify the number of unique passwords that must be used on a user account before a previous password can be reused.

    Entering a value in this field will enable new passwords to be checked against the password history of a user account. If the new password is not unique when compared to the specified number of previous passwords (for example, the last five used), it will not be accepted.

Deleting a password rule for a character type

To delete a password rule for a character type:

  1. Clear the Active box.

  2. Click Save.

The rule will be removed, and no rules will apply to this character type.

Example of how to set up password rules

To understand how to set up password rules, consider the following example.

This example will create a password rule that requires a password to have at least two lower case letters, two numeric digits, and one punctuation character. It excludes spaces.

To do this:

  1. Go to the Password rules configuration screen.

  2. In the Character rules section, select the Active box for lower case letters, numeric digits, punctuation characters, and spaces.

  3. Click Save. Additional fields will appear.

    5 0 0 character rules example
  4. Enter the following information into the fields provided:

    • For lower case letters, enter 2 into the Minimum number field

    • For numeric digits, enter 2 into the Minimum number field

    • For punctuation characters, enter 1 into the Minimum number field

    • For spaces, select the Disallow character type field

  5. Click Save. The password rules have now been set for the system.

Password block list

This section allows you to specify words that users cannot use in their passwords.

Wordlist

Specify the words that users cannot use as passwords, for example, your company name. You can add as many words as you like to the list. Separate each word with a new line.

As of version 5.4.2.0, the default blocked password list in Matrix is:

123456789
qwerty
12345678
111111
1234567890
1234567
password
123123
987654321
qwertyuiop
mynoob
123321
666666
18atcskd2w
7777777
1q2w3e4r
654321
555555
3rjs1la7qe
google
1q2w3e4r5t
123qwe
zxcvbnm
1q2w3e
Exact match

By default, this field is selected, meaning that the system will only stop users using a word from the word list as a password if it’s an exact match. For example, if grass is specified in the word list and the user uses longgrass as their password, the system will allow this password. If Exact match is not selected, the system will stop users from using these words within a password. For example, the user would not be able to use longgrass as the word grass is contained within the password.

© 2015- Squiz Pty Ltd