Defining a Password Policy

The repository administrator is responsible for defining a password policy to ensure that passwords are sufficiently secure and changed at appropriate intervals. To modify the password policy, connect to the repository and select Repository > Administration > Password Policy.

The password policy allows you to set various parameters for password format and duration of validity:

| Setting | Description |
|---|---|
| Password length | Specifies the minimum and maximum permitted length of passwords. This option cannot be disabled. The lowest value that can be set for the minimum length is 6 characters. |
| Password must contain | Specifies that passwords must contain at least one of each of the character types selected. |
| Disallow reuse of previous x passwords | Prevents users from reusing the specified number of old passwords. |
| Enforce changing of passwords after x days | Requires that users change their passwords after the specified number of days. |
| Block inactive users after x days without connection | Blocks users if they try to log in after the specified number of days of inactivity. |
| Temporarily block users for x minutes after y failures to log in | Blocks users for the specified number of minutes if they submit an invalid combination of username and password the specified number of times. |
| Temporary passwords issued by an administrator are valid for x days | Specifies the period for which temporary passwords (which are issued when a user is created or unblocked) are valid. Users attempting to use a temporary password after this time will be blocked. |

Changes made to the policy take effect immediately. If your policy becomes more restrictive, users whose passwords are no longer compliant will be instructed to change their password when they next connect.
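The following added example (not the product's own code) models how the length, character-type, expiry, inactivity, temporary-block and temporary-password settings combine at login, including a login after the policy has been tightened. All class, field and state names, the default values and the order of the checks are assumptions made for illustration; the reuse-history setting is not modelled.

```python
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

CLASSES = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
           "digit": string.digits, "special": string.punctuation}

@dataclass
class Policy:  # hypothetical field names; default values are constructed
    min_len: int = 8
    max_len: int = 64
    required: tuple = ("upper", "lower", "digit")
    max_age_days: int = 90
    inactive_days: int = 60
    lock_minutes: int = 15
    lock_failures: int = 3
    temp_valid_days: int = 2

@dataclass
class Account:  # hypothetical account record
    password_set: datetime
    last_login: Optional[datetime] = None
    temporary: bool = False
    failures: int = 0
    locked_until: Optional[datetime] = None

def format_violations(pw: str, p: Policy) -> list:
    """Length and character-type rules that a candidate password breaks."""
    out = [] if p.min_len <= len(pw) <= p.max_len else ["length"]
    return out + [c for c in p.required if not any(ch in CLASSES[c] for ch in pw)]

def record_failure(acct: Account, now: datetime, p: Policy) -> None:
    """Count an invalid login; start the temporary block at y failures."""
    acct.failures += 1
    if acct.failures >= p.lock_failures:
        acct.locked_until = now + timedelta(minutes=p.lock_minutes)
        acct.failures = 0

def login_state(acct: Account, pw: str, now: datetime, p: Policy) -> str:
    """State for a login with the correct password `pw` at time `now`."""
    if acct.locked_until and now < acct.locked_until:
        return "temporarily blocked"
    if acct.last_login and now - acct.last_login > timedelta(days=p.inactive_days):
        return "blocked: inactive"
    age = now - acct.password_set
    if acct.temporary and age > timedelta(days=p.temp_valid_days):
        return "blocked: temporary password expired"
    if age > timedelta(days=p.max_age_days) or format_violations(pw, p):
        return "must change password"
    return "ok"
```

Passing a stricter `Policy` to `login_state` for an unchanged account shows the last paragraph's behaviour: a password that was compliant yesterday yields "must change password" at the next connection.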