Password Policy

Software Risk Manager can be configured to require that new or changed local user passwords meet certain requirements.

SRM’s password requirements are listed below, each with its default in brackets. To change a requirement, set the corresponding property:

  • local-password-policy.minimum-length = 12 - Require a minimum length [default: 12].
  • local-password-policy.maximum-length = 1048576 - Require a maximum length [default: 1048576].
  • local-password-policy.contains-lowercase = false - Require a lowercase character [default: true].
  • local-password-policy.contains-uppercase = false - Require an uppercase character [default: true].
  • local-password-policy.contains-number = false - Require a number [default: true].
  • local-password-policy.contains-special-character = false - Require a special character (e.g. $ ! # %) [default: true].
  • local-password-policy.common-check.enabled = true - Require passwords to be distinct from an internal set of known compromised passwords [default: true].
  • local-password-policy.unique-password-check.enabled = true - Require passwords to be distinct from the last n previously used passwords, where n is configurable [default: true].
    • local-password-policy.unique-password-check.num-to-check = 10 - The last n previous passwords to prohibit a user from setting as their password [default: 10].
  • local-password-policy.reset-on-first-login = true - Require that users set a new password when logging in for the first time [default: true].
  • local-password-policy.reset-after-admin-sets-password = true - Require that users set a new password when an admin resets their password [default: true].
  • local-password-policy.max-password-age = 12 months - Require that users set a new password once a set amount of time has passed since the password was last reset. Setting a value of 0 disables this requirement [default: 12 months].