Password Policy Properties

Set password properties to enforce your site's password policies.

Table 1. Password Policy Properties and Descriptions
Property Description
Core > Security > Policy > Alphanumeric Passwords Only
If selected, only alphanumeric passwords are allowed. Otherwise, passwords can contain symbol characters such as % and ^.

Core > Security > Policy > Case Sensitive Passwords
If selected, passwords are case sensitive.

Core > Security > Policy > Case Sensitive Usernames
If selected, user names are case sensitive.

Core > Security > Policy > Enforce Password Policy on Next Login
If selected, password policies are checked and enforced each time the user logs in. If the password does not meet the current policy, users are required to change the password immediately. Select this property if you are changing your password policy and want to make sure all users are immediately compliant with the new policy.

Core > Security > Policy > Maximum Failed Logins
Specify the number of failed logins past which the user account is locked. For example, if you enter 3 for this property, the user account is locked after 3 failed attempts to log in.
Note: This property only applies to users who are not members of the Administrator user group.

Core > Security > Policy > Maximum Password Age
Specify the number of days after which a password must be changed on the next login.

Core > Security > Policy > Maximum Password Age Warning
Specify how many days prior to reaching the Maximum Password Age the system will send a warning message to users at login that their password is about to expire. For example, to require users to change passwords monthly and to remind them a week before the password expires, set Maximum Password Age to 30 and Maximum Password Age Warning to 7.

Core > Security > Policy > Maximum Password Change Count
Maximum number of times a password can be changed within a certain time window.

Core > Security > Policy > Maximum Password Change Window
Time window (HH:MM:SS) within which users can change their password up to the Maximum Password Change Count.

Core > Security > Policy > Maximum Password Length
Specify the maximum length, in characters, of a valid password. Enter 0 for no maximum length.

Core > Security > Policy > Minimum Password Length
Specify the minimum length, in characters, of a valid password. Enter 0 to allow empty passwords. The default value is 8.

Core > Security > Policy > Password History
Specify the number of previous passwords to remember. When users enter a new password, they cannot repeat passwords in this list. If you specify 0, password history is not enforced.

Core > Security > Policy > Password Recycle Age
Specify the minimum number of days before an already used password may be reused. If you specify 0, passwords may be reused immediately.

Core > Security > Policy > Password Required Character Types
Specify character types that must be included in all passwords. This property depends on other password policy context properties. Options are:
  • Upper case alpha character
  • Lower case alpha character
  • Symbol character
  • Number character

By default, all four character types must be used.

Core > Security > Policy > Passwords Combine Numbers and Letters
If selected, passwords must contain at least one letter and one number.

Core > Security > Policy > Passwords Must Not Contain Name
If selected, passwords cannot contain the user's login name as a substring.
Note: This property does not apply if users log in with their user IDs (numeric characters).
For more information, contact your Trapeze representative.

Core > Security > Policy > Quick Check Timeout
Specify the minimum number of seconds before a full security check is performed (including LDAP and built-in policy checks). If you specify 0, a full check is performed on each request.

Core > Security > Policy > User Must Change Password if Administrator Resets It
If selected, when an administrator sets a user's password, that password must be changed the next time the user logs in.

Core > Security > Policy > Password Hashing > Algorithm
Select the way passwords are hashed and stored in the CoreIdentity table:
  1. TCF1 (64-bit hash). Original algorithm used for backward compatibility when older client and server applications that do not support newer algorithms are connected to the same database.

  2. PBKDF2 (192-bit hash). Industry-standard password hashing function, used to produce a 192-bit hash incorporating a 192-bit cryptographically random salt. (Default.)

Core > Security > Policy > Password Storage > Algorithm
Applies to stored passwords in context properties and Service Shell profile files. Select one of the following values:
  1. AES256 (System key) - Select for stronger encryption using the system key built into the application framework. (Default)

  2. AES256 (Private key) - Select for stronger encryption using a randomly generated private key. (Keyfile.bin in the Config folder)

    This requires manually copying Keyfile.bin to the other application installation folders if more than one installation shares the same database. Otherwise, the other applications won't be able to decrypt the stored passwords. If this file is lost, the stored passwords cannot be retrieved and must be re-entered using a new Keyfile.bin.

  3. TCF1 - Select this for backward compatibility for older versions that do not have this option.

    Note: If Core > Security > Policy > Enforce Password Policy on Next Login is selected, users may need to reset their passwords to meet the default requirements the next time they sign in.

Core > Security > Reset Password > Enable
If selected, users are able to reset their account passwords.

Core > Security > Reset Password > Temporary Password Expiry Window
Specify the amount of time after which the temporary password expires (HH:MM:SS format).

Core > Security > Reset Password > Email Subject
Specify the Subject of the email message regarding the password reset sent to the user.

Core > Security > Reset Password > Email Body Template
Set the template of the Body of the email message regarding the password reset sent to the user.
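
The character rules in the table interact: the Password Required Character Types row notes that it depends on other password policy properties. As an added illustration (not the product's own code), the Python sketch below checks a candidate password against those rules and flags settings that contradict each other. The field names, the definition of a symbol and the case-insensitive name match are assumptions.

```python
from dataclasses import dataclass

ALL_TYPES = frozenset({"upper", "lower", "symbol", "number"})

@dataclass
class Policy:
    # Defaults stated on the page: minimum length 8, all four types required.
    # Every other default here is a constructed sample value.
    min_length: int = 8                  # 0 allows empty passwords
    max_length: int = 0                  # 0 means no maximum
    alphanumeric_only: bool = False
    combine_numbers_and_letters: bool = False
    must_not_contain_name: bool = True
    required_types: frozenset = ALL_TYPES

def char_types(password):
    """Classify characters; anything not a letter or digit is a symbol (assumption)."""
    kinds = set()
    for ch in password:
        kinds.add("upper" if ch.isupper() else "lower" if ch.islower()
                  else "number" if ch.isdigit() else "symbol")
    return kinds

def config_conflicts(p):
    """Property combinations that no password can satisfy."""
    issues = []
    if p.alphanumeric_only and "symbol" in p.required_types:
        issues.append("Alphanumeric Passwords Only vs. required Symbol character")
    if p.max_length and p.max_length < max(p.min_length, len(p.required_types)):
        issues.append("Maximum Password Length too small for the other rules")
    return issues

def violations(p, password, login_name):
    """Names of the properties the candidate password fails."""
    kinds, failed = char_types(password), []
    if len(password) < p.min_length:
        failed.append("Minimum Password Length")
    if p.max_length and len(password) > p.max_length:
        failed.append("Maximum Password Length")
    if p.alphanumeric_only and "symbol" in kinds:
        failed.append("Alphanumeric Passwords Only")
    if p.required_types - kinds:
        failed.append("Password Required Character Types")
    if p.combine_numbers_and_letters and not (kinds & {"upper", "lower"} and "number" in kinds):
        failed.append("Passwords Combine Numbers and Letters")
    # The page exempts numeric user IDs; case-insensitive matching is an assumption.
    if (p.must_not_contain_name and login_name and not login_name.isdigit()
            and login_name.lower() in password.lower()):
        failed.append("Passwords Must Not Contain Name")
    return failed
```

Running config_conflicts before saving a policy change catches combinations such as Alphanumeric Passwords Only together with a required Symbol character, which would otherwise leave users unable to choose a compliant password.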