System Password Trapeze6 Properties

Password properties allow you to enforce your organization's password security policies by specifying the rules that the system should follow.

These rules can include things such as the number and types of characters that are allowed and the frequency at which users must change their passwords.

Table 1. Description of System Password Properties
PropertyDescription
Core > Security > Policy > Alphanumeric Passwords Only Specifies whether only alphanumeric characters are allowed in passwords.

If cleared, symbols (e.g., % , ^, and _) are allowed in passwords.

Core > Security > Policy > Case Sensitive Passwords Specifies whether passwords are case-sensitive.
Core > Security > Policy > Enforce Password Policy on Next Login Specifies whether password policies are checked and enforced each time a user logs in.

If a user types the correct password but the password does not meet the current password policies, the user must type a new password.

Core > Security > Policy > Maximum Failed Logins

Specifies the number of failed log in attempts after which the user is locked out. A system administrator must unlock the account before the user can log in again.

This property only applies to users who are not members of the Administrator user group.
Core > Security > Policy > Maximum Password Age Specifies the maximum age of a password in days. Passwords older than this value must be changed at the next log in.
Core > Security > Policy > Maximum Password Age Warning Specifies the number of days before the system starts to warn users at log in that their passwords are about to expire.
Core > Security > Policy > Maximum Password Length Specifies the maximum number of characters for a valid password.

If the value is zero (0), there is no maximum password length.

Core > Security > Policy > Minimum Password Length Specifies the minimum number of characters for a valid password.

If the value is zero (0), empty passwords are allowed.

Core > Security > Policy > Password History Specifies the number of previous passwords saved by the system. A user cannot type a new password if it is in this list.

If the value is zero (0), no password history is enforced.

Core > Security > Policy > Password Recycle Age Specifies the minimum number of days before an already used password can be reused.

If the value is zero (0), a password can be reused immediately.

Core > Security > Policy > Passwords Combine Numbers and Letters Specifies whether passwords must contain at least one letter and one number.
Core > Security > Policy > Passwords Must Not Contain Name

Specifies whether passwords cannot contain the login name as a substring in any mixed case.

This property does not apply if users log in with their user IDs (numeric characters). For more information, contact your Trapeze representative.
Core > Security > Quick Check Timeout Specifies the minimum number of seconds before a full security check is performed (including LDAP calls or built-in policy checks).

If the value is 0, then a full check is performed on each request.

Core > Security > User Must Change Password if Administrator Resets It If selected and the system administrator has set a user's password, the user must change the password the next time that he or she logs in.
Core > Security > Policy > Password Hashing > Algorithm

Sets how passwords are hashed and stored in the CoreIdentity table.

The options are:
  • TCF1 (64-bit hash) - (This is the default.) Used when backward compatibility is required for earlier client and server applications that connect to the same database and that do not support the newer algorithms.
  • PBKDF2 (192-bit hash) - Preferred algorithm when backward compatibility is not required. This is an industry standard password hashing function.