Create a password policy for device application logins. Only passwords that meet the
criteria of the policy can be used to access the sensitive artifacts secured inside a
device's data vault.
You can create a password policy as part of an application connection template. Ensure your
developers add enforcement code to the application's data vault.
- Enabled – Set this value to True to enable a password policy for device applications. By default, this property is set to True.
- Default Password Allowed – Set this value to True to allow default passwords. If a default password is allowed in the policy, developers can create the vault with a default password by specifying null for both the salt and password arguments. By default, this value is set to False.
- Expiration Days – Sets the number of days the existing password can be used before it must be changed by the user. By default, this value is set to 0, meaning the password never expires.
- Has Digits | Lower | Special | Upper – Determines which character classes a password must contain. The more complex the password, the more secure it is deemed to be. Set the value to True to enable one of these password stringency options. By default, they are set to False.
- Lock Timeout – Determines how long a successfully unlocked data vault remains open. When the timeout expires, the vault is locked, and the user must re-enter the vault password to resume using the application. Use this property in conjunction with the Retry Limit.
- Minimum Length – Sets how long the password chosen by the user must be. By default, this value is set to 8.
- Minimum Unique Characters – Determines how many unique characters must be used in the password. By default, this property is set to 0. For example, if the minimum length is set to 8 characters and the number of unique characters is also set to 8, then no duplicate characters can be used. In this instance a password of Sm00the! would fail, because two zeros were used. However, Smo0the! would pass because the duplication has been removed.
- Retry Limit – Sets the number of times an incorrect password can be retried before the data vault is deleted. A deleted vault means that the database encryption key is lost, and all data in the application is rendered irretrievable. As a result, the application becomes unusable. By default, this value is set to 20.
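The following is an added example, not code from the platform or its SDK, of the kind of enforcement check a developer might write against the policy values above before a password is accepted for the vault; the policy field names, the error strings and the definition of a "special" character as any non-alphanumeric character are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PasswordPolicy:
    """Mirror of the policy properties described above (assumed field names)."""
    enabled: bool = True
    default_password_allowed: bool = False
    minimum_length: int = 8
    minimum_unique_chars: int = 0
    has_digits: bool = False
    has_lower: bool = False
    has_special: bool = False
    has_upper: bool = False


def check_password(policy: PasswordPolicy, password: Optional[str]) -> List[str]:
    """Return the list of policy rules the candidate password violates.

    An empty list means the password may be used to create or unlock the vault.
    `password is None` models the vault being created with null salt and
    null password, i.e. the default password.
    """
    if not policy.enabled:
        return []
    if password is None:
        return [] if policy.default_password_allowed else ["default password not allowed"]

    violations: List[str] = []
    if len(password) < policy.minimum_length:
        violations.append("too short")
    # Count distinct characters so that e.g. the two zeros in Sm00the! count once.
    if len(set(password)) < policy.minimum_unique_chars:
        violations.append("too few unique characters")
    if policy.has_digits and not any(c.isdigit() for c in password):
        violations.append("missing digit")
    if policy.has_lower and not any(c.islower() for c in password):
        violations.append("missing lowercase letter")
    if policy.has_upper and not any(c.isupper() for c in password):
        violations.append("missing uppercase letter")
    # Assumption: a special character is anything that is not a letter or digit.
    if policy.has_special and not any(not c.isalnum() for c in password):
        violations.append("missing special character")
    return violations


if __name__ == "__main__":
    strict = PasswordPolicy(minimum_unique_chars=8)
    print(check_password(strict, "Sm00the!"))  # ['too few unique characters']
    print(check_password(strict, "Smo0the!"))  # []
```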