The User password policy allows you to set the minimum password length and password history, and to configure lockout and expiration rules.

Default User password policy

The default User password policy is set to:

  • The minimum password length is 8 characters
  • Password is set to never expire
  • The last 4 passwords can't be reused
  • User account lockout policy is not set up (the user is not locked out regardless of the number of unsuccessful login attempts)
  • Passwords must not contain a username, SamAccountName or email address.
    Note: You can look up SamAccountName by navigating to Users > click on user's name > click on Display name > See Domain\User Name > the Username part. SamAccountName is constructed at the time of user creation and consists of a part of their UPN (primary email address) before the @ sign, plus "_" (underscore symbol) + Account name. The maximum size of SamAccountName is 20 characters. The Account name may get truncated due to this limitation. SamAccountName and Full Name are parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the SamAccountName or Full Name is split and each section is verified as not included in the password. There is no check for any individual character or any three characters in succession.
  • Password must contain characters from 3 of the following categories:
    • English uppercase characters (A-Z)
    • English lowercase characters (a-z)
    • Numbers (0-9)
    • Special characters (e.g., ! $ # %)
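
The default rules above can be checked offline as in the following added example, which is not the service's own code. It assumes that comparisons ignore case, that name sections shorter than three characters are skipped, and that any ASCII punctuation counts as a special character; the function names and sample values are made up for illustration.

```python
import re
import string

# Delimiters named in the article: comma, period, dash/hyphen, underscore,
# space, pound sign, tab.
DELIMITERS = r"[,.\-_ #\t]"
MIN_LENGTH = 8        # default minimum length from the article
MIN_SECTION_LEN = 3   # assumption: shorter sections are not checked


def build_sam_account_name(upn, account_name):
    """UPN part before '@' + '_' + Account name, truncated to 20 characters."""
    return (upn.split("@", 1)[0] + "_" + account_name)[:20]


def name_sections(*values):
    """Split each value on the delimiters and keep the checkable sections."""
    sections = set()
    for value in values:
        for part in re.split(DELIMITERS, value):
            if len(part) >= MIN_SECTION_LEN:
                sections.add(part.lower())
    return sections


def check_password(password, sam_account_name, full_name):
    """Return the default-policy rules that the password violates."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),  # assumed "special" set
    ]
    if sum(categories) < 3:
        problems.append("fewer than 3 character categories")
    lowered = password.lower()  # assumption: comparison ignores case
    for section in sorted(name_sections(sam_account_name, full_name)):
        if section in lowered:
            problems.append(f"contains name section '{section}'")
    return problems


if __name__ == "__main__":
    sam = build_sam_account_name("jane.doe@example.com", "examplecompany")  # constructed sample
    print(sam, check_password("Doe!2024xyz", sam, "Jane Doe"))
```

The truncation to 20 characters matters for the check: only the part of the Account name that survives in SamAccountName is compared against the password.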

Custom User password policy

You can set up a custom password policy for users on your account in Control Panel under Account > Security Policies > User Password Policy or under Users > Password Policies > User Password Policy. You can change the first 4 options of the default policy. Custom Password Policy cannot be less complicated than the default one.

When the page is opened for the first time, you will see the default policy settings.

Changing any of the settings will result in custom policy creation. You can reset the settings to default at any time at the bottom of the page.

Force All Users to Change Password

You can force users to change the password on the next login.

Prevent users from choosing compromised passwords

A check is performed on whether a password has been involved in a data breach.

Prevent users from changing their own passwords

By default, all users have the ability to reset/recover their passwords.

If the Prevent users from changing their own password toggle switch is on, it will result in the following:

  • Users will not have permission to reset/recover their password
  • Password expiration email notifications are no longer sent, regardless of whether the Prevent users from changing their own password toggle switch is on or off. This applies to both account admins and users.

Note: the settings apply to all users. If you want to restrict specific user(s) from changing the password, it can be done on the individual user's settings page. Read the Knowledge article How Do I Manage User Password Settings? for more information.

Set minimum password length

The default minimum length is 8. The custom length can be between 8 and 127 characters.

Set passwords to expire

Important: setting a password expiration policy applies immediately, including for users with existing expiration dates. For example, if a 90-day expiration is set, passwords older than 90 days will expire immediately.

Passwords can be set to expire after X days (minimum value = 30, maximum value = 365).

If you enable password expiration, you can check the expiration date for an individual user by navigating to Control Panel > Users > Click on Display Name of the user > Edit User Password Settings.

Limit password reuse

By default, the last 4 passwords can't be reused.

Set a locked account policy

By default, user accounts are not locked regardless of the number of unsuccessful login attempts.

The number of unsuccessful login attempts can be set (minimum value = 1, maximum value = 7).
The number of minutes after which an account automatically unlocks can be set (minimum value = 30, maximum value = 999).

If you choose to unlock the user Manually, they will receive the following notification once locked (in a web application):

To unlock the user, go to Control Panel > Users > click on a user > click Unlock. You will need to have a Technical Administrator role assigned to you with permission granted to manage one of the services that gives access to the Users tab, i.e. UNIVERGE BLUE® SHARE or UNIVERGE BLUE® CONNECT.

A Partner account contact will need to have an Operators or Owners role assigned in the Partner Portal to be able to unlock the user.


See an example of a custom policy below:

