Manage Password Policy

Password policy defines the rules for password creation. The policy is applied during user account creation and during password change. API Developer Portal has a default password policy. The administrator can modify the password rules to enforce password complexity in API Developer Portal.
Create or Edit an Authentication Scheme
The authentication scheme includes the configuration of the authentication provider and the password policy.
Define policies that require users to employ strong passwords. To edit the password policy, follow these steps:
  1. Log in as an administrator.
  2. Select Administration.
  3. Select Authentication.
    The Authentication Schemes page appears.
  4. Locate the "CA Technologies Developer Network" default scheme. Select the down arrow in the Actions section and select Edit.
    The Providers page appears.
  5. Select Next.
    The Password Policy page appears.
  6. Configure password syntax requirements, lockout behavior, and the password change policy.
  7. Select Save.
Configure the Password Policy
Set any of the following requirements for the password syntax:
  • Minimum Password Length – between 8 and 60
  • Maximum Password Length – between 8 and 60
  • Number of Uppercase Characters
  • Number of Lowercase Characters
  • Number of Numeric Characters
  • Number of Special Characters
To remove any of the requirements, clear the corresponding checkbox. A password must have a minimum and maximum length.
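The syntax requirements above can be checked for consistency before they are entered on the Password Policy page. The following Python sketch is an added example, not code from API Developer Portal: the class and function names are hypothetical, and it assumes that a special character is any non-alphanumeric character, which this page does not define. It also flags a policy whose character-class minimums add up to more than the maximum length, because no password could satisfy it.

```python
from dataclasses import dataclass
from typing import List, Optional

LENGTH_RANGE = (8, 60)  # allowed range for both length settings, per this page


@dataclass
class PasswordPolicy:  # hypothetical model of the Password Policy page fields
    min_length: int
    max_length: int
    # None models a cleared checkbox (requirement not enforced).
    uppercase: Optional[int] = None
    lowercase: Optional[int] = None
    numeric: Optional[int] = None
    special: Optional[int] = None

    def class_minimums(self):
        return {"uppercase": self.uppercase or 0, "lowercase": self.lowercase or 0,
                "numeric": self.numeric or 0, "special": self.special or 0}


def validate_policy(p: PasswordPolicy) -> List[str]:
    """Return configuration problems; an empty list means the policy is usable."""
    problems = []
    lo, hi = LENGTH_RANGE
    for name, value in (("minimum", p.min_length), ("maximum", p.max_length)):
        if not lo <= value <= hi:
            problems.append(f"{name} length {value} is outside {lo}-{hi}")
    if p.min_length > p.max_length:
        problems.append("minimum length exceeds maximum length")
    required = sum(p.class_minimums().values())
    if required > p.max_length:  # added check: no password could satisfy this
        problems.append(f"character-class minimums ({required}) exceed maximum length")
    return problems


def check_password(p: PasswordPolicy, password: str) -> List[str]:
    """Return the syntax rules that the candidate password violates."""
    counts = {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        # Assumption: "special" means any non-alphanumeric character.
        "special": sum(not c.isalnum() for c in password),
    }
    violations = []
    if not p.min_length <= len(password) <= p.max_length:
        violations.append("length")
    violations += [k for k, need in p.class_minimums().items() if counts[k] < need]
    return violations
```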
Configure the Account Lockout Policy
Define the Account Lockout Policy as follows:
  • Maximum Failed Attempts
    Set the maximum number of allowed login attempts to safeguard against brute-force attacks, that is, attempts to guess passwords. After the specified number of consecutive failed attempts, the user account is locked. By default, the value is set to 5.
Configure the Password Change Policy
Define the password change policy as follows:
  • Password Expiry
    Set the duration in days after which the password expires. By default, the password expiry policy is disabled. You can set the value from 1 to 365 days.
  • Password History
    Specify the number of previous passwords that cannot be reused. By default, the password history policy is disabled. You can set the count from 1 to 5.
  • Limit Forgot Password Attempts
    Set the limit on how many times the auto-generated email is sent to a user who repeatedly attempts to recover the password within one hour. For example, you enter this limit as five. If the user clicks the Forgot Password button on the login page more than five times within one hour, he or she receives the auto-generated email for the first five times only. This feature enhances security and also prevents email spamming. You can set the count from 1 to 10.