Password Policy Properties

Create a password policy for device application logins. Only passwords that meet the criteria of the policy can be used to access the sensitive artifacts secured inside a device's data vault.

You can create a password policy as part of an application connection template. Ensure your developers add enforcement code to the application's data vault.
  • Enabled – Set this value to True to enable a password policy for device applications. By default, this property is set to True.
  • Default Password Allowed – Set this value to True to allow default passwords. If a default password is allowed in the policy, developers can create the vault using with a default password, by specifying null for both the salt and password arguments. By default, this value is set to False
  • Expiration Days – Sets the number of days the existing password can be used before it must be changed by the user. By default, this value is set to 0, or to never expire.
  • Has Digits | Lower | Special | Upper – Determines what combination of characters must be used to create a password stringency requirements. The more complex the password, the more secure it is deemed to be. Set the value to True to enable one of these password stringency options. By default they are set to false.
  • Lock Timeout – Determines how long a successfully unlocked data vault will remain open. When the timeout expires, the vault is locked, and the user must re-enter the vault password to resume using the application. Use this property in conjunction with the Retry Limit.
  • Minimum Length – Sets how long the password chosen by the user must be. By default, this value is set to 8.
  • Minimum Unique Characters – Determines how many unique characters must be used in the password. By default this property is set to 0. For example, if set that the password has a minimum length of 8 characters, and the number of unique characters is also 8, then no duplicate characters can be used. In this instance a password of Sm00the! would fail, because two zeros were used. However, Smo0the! would pass because the duplication has been removed.
  • Retry Limit – Sets the number of times an incorrect password can be retried before the data vault is deleted. A deleted vault means that the database encryption key is lost, and all data in the application is rendered irretrievable. As a result the application becomes unusable. By default this value is set to 20.
Parent topic: Application Connection Properties