Password rules configuration
The Password rules configuration screen allows you to configure rules for user passwords. The default settings for a password are that it needs to be at least six characters long, and the characters can be of any type (that is, capital letters, lower case letters, numbers, punctuation, and spaces). You can change these default settings for the password through this screen.
To access the Password rules configuration screen:
Click on the icon in the top right-hand corner of the screen.
Select Password rules configuration from the drop-down list.
If you change the password rules, the current users in the system will not be affected until they try to change their password.
Set user accounts to Up for review to force current users to change their password. When they try to sign in to Matrix, they will be asked to change their password according to the new password rules.
Manage password rules
This section allows you to change the rules for the user passwords.
- Minimum length
The minimum allowable length for a user password. By default, this value is set to 6.
- Disallow user info
Select Yes to restrict user information in a password, such as usernames, first names, and last names.
- Character rules
This section allows you to set rules for specific character types. By default, there are no rules applied to any of the character types. To create a rule:
Select the Active box.
Select Save. Two additional fields will appear as shown in the figure below for the character type of capital letters.
For each character type you can choose to restrict, the following fields will appear:
- Minimum number
The minimum number of this type of character that must be included in the password. For example, in the figure shown above, the minimum number of capital letters is 1. In other words, the user must include at least one capital letter in their password.
- Disallow character type
Check this box to prevent the use of these types of characters in passwords.
- Password history enforcement
Specify the number of unique passwords that must be used on a user account before a previous password can be reused.
Entering a value in this field will enable new passwords to be checked against the password history of a user account. If the new password is not unique when compared to the specified number of previous passwords (for example, the last five used), it will not be accepted.
Deleting a password rule for a character type
To delete a password rule for a character type:
Clear the Active box.
The rule will be removed, and no rules will apply to this character type.
Example of how to set up password rules
To understand how to set up password rules, consider the following example.
This example will create a password rule that requires a password to have at least two lower case letters, two numeric digits, and one punctuation character. It excludes spaces.
To do this:
Go to the Password rules configuration screen.
In the Character rules section, select the Active box for lower case letters, numeric digits, punctuation characters, and spaces.
Select Save. Additional fields will appear.
Enter the following information into the fields provided:
For lower case letters, enter 2 into the Minimum number field.
For numeric digits, enter 2 into the Minimum number field.
For punctuation characters, enter 1 into the Minimum number field.
For spaces, select the Disallow character type field.
Select Save. The password rules have now been set for the system.
Password block list
This section allows you to specify words that users cannot use in their passwords.
Specify the words that users cannot use as passwords, for example, your company name. You can add as many words as you like to the list. Separate each word with a new line.
As of version 22.214.171.124, the default blocked password list in Matrix is:
123456789 qwerty 12345678 111111 1234567890 1234567 password 123123 987654321 qwertyuiop mynoob 123321 666666 18atcskd2w 7777777 1q2w3e4r 654321 555555 3rjs1la7qe google 1q2w3e4r5t 123qwe zxcvbnm 1q2w3e
- Exact match
By default, this field is selected, meaning that the system will only stop users using a word from the word list as a password if it’s an exact match. For example, if grass is specified in the word list and the user uses longgrass as their password, the system will allow this password. If Exact match is not selected, the system will stop users from using these words within a password. For example, the user would not be able to use longgrass, as the word grass is contained within the password.
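The character rules from the worked example and the Exact match behaviour described above can be modelled offline to test candidate passwords against a planned policy. This Python code is an added example, not Matrix's own code: the function and rule names are hypothetical, and both the punctuation set and the case-insensitive word comparison are assumptions.

```python
import string

# Character types named on the page. The exact set Matrix treats as
# punctuation is not stated, so string.punctuation is an assumption.
CLASSES = {
    "capital letters": str.isupper,
    "lower case letters": str.islower,
    "numeric digits": str.isdigit,
    "punctuation characters": lambda c: c in string.punctuation,
    "spaces": lambda c: c == " ",
}

# The page's worked example: 2 lower case, 2 digits, 1 punctuation, no spaces.
EXAMPLE_RULES = {
    "lower case letters": {"min": 2},
    "numeric digits": {"min": 2},
    "punctuation characters": {"min": 1},
    "spaces": {"disallow": True},
}


def check_password(password, rules=EXAMPLE_RULES, min_length=6,
                   blocklist=(), exact_match=True, user_info=()):
    """Return a list of rule violations; an empty list means accepted."""
    errors = []
    if len(password) < min_length:
        errors.append("minimum length")
    for name, rule in rules.items():
        count = sum(1 for c in password if CLASSES[name](c))
        if rule.get("disallow") and count:
            errors.append(f"{name} disallowed")
        elif count < rule.get("min", 0):
            errors.append(f"too few {name}")
    lowered = password.lower()  # case-insensitive matching is an assumption
    # "Disallow user info": username, first name or last name inside the password.
    if any(v and v.lower() in lowered for v in user_info):
        errors.append("contains user info")
    for word in (w.strip().lower() for w in blocklist):
        if not word:
            continue
        # Exact match blocks only the word itself; otherwise any password containing it.
        blocked = (lowered == word) if exact_match else (word in lowered)
        if blocked:
            errors.append(f"blocked word: {word}")
    return errors
```

Running candidate passwords through both `exact_match=True` and `exact_match=False` shows how much of the block list's protection depends on clearing the Exact match box.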