To manage passwords, go to the Manage Passwords tab in the Security subsection:
To check API user passwords, set the parameters:
Minimum Password Length (in characters). Set minimum password length in characters. The minimum password length by default is five characters. The box is mandatory.
Password must Contain Lowercase and Uppercase Letters. Select the checkbox to deny using same-case letters in password.
Password must Contain Numbers. Select the checkbox to force use numbers in password.
Password must Contain Special Characters. Select the checkbox to force use at least one special character in password (,.<>/?;:'"[]{}\`~!@#$%^&*()-_+= ").
After executing the operations the requirements for password check are set when password is changed by API user.
To set API user password for the first time, use the Password box in API user parameters.
To limit API user password validity, set the parameters:
Maximum Password Validity (days). Set the maximum password validity in days from 1 to 365, after which the API user must change password. The box is mandatory.
Minimum Password Validity (days). Set the minimum password validity in days from 1 to 365, during which the API user must not change password.
After executing the operations a limitation for password validity is set for all API users.
Password validity starts from password change date. Depending on password change date, the password expiration date is calculated, after which the user will be denied access to the system. When password validity is changed, expiration date is calculated for all API users. The user with expired password validity is not authorized and gets an appropriate message.
To limit password validity for a specified API user, use the Maximum Password Validity box in API user parameters.
To check password on password change by API user, set the parameters:
Check Minimum Difference between New and Old Password (in characters). Set a limit on match between old and new password in characters.
Check if New Password Matches the Old One (number of passwords). Set the number of stored old user passwords, which cannot be reused when changing password to a new one.
Password check also includes checking requirements to password complexity.
See also: