Default account policies

Default account policies

WebSphere Commerce provides two default account policies: Shoppers, Administrators.

Shoppers

This is the default account policy for customers. It contains the default account lockout policy and default password policy for customers.
The default account lockout policy for customers contains the following default attributes:

Attribute Default value

Account lockout threshold 6 attempts
Consecutive unsuccessful login delay 10 seconds

Attribute	Default value
Account lockout threshold	6 attempts
Consecutive unsuccessful login delay	10 seconds

The default password policy for customers contains the following default attributes:

Attribute	Default value
Whether the user ID and password can match	N (no, they cannot match)
Maximum occurrence of consecutive characters¹	3 characters
Maximum instances of any character	4 instances
Maximum lifetime of the passwords	180 days
Minimum number of alphabetic characters	1 alphabetic character
Minimum number of numeric character	1 numeric character
Minimum length of password	6 characters
Whether the user's previous password can be reused	N (no, it cannot be reused)
¹ For example, a password of 123xyXYZ is valid, but a password of 1234xyXYZ is not since "1234" is more than three consecutive characters.

Customers that perform self-registration are assigned the Shoppers policy.

Administrators

This is the default account policy for administrators. It contains the default account lockout policy and default password policy for administrators.

The default account lockout policy for administrators contains the following default attributes:

Attribute	Default value
Account lockout threshold	3 attempts
Consecutive unsuccessful login delay	20 seconds

The default password policy for administrators contains the following default attributes:

Attribute	Default value
Whether the user ID and password can match	N (no, they cannot match)
Maximum occurrence of consecutive characters	3 characters
Maximum instances of any character	4 instances
Maximum lifetime of the passwords	90 days
Minimum number of alphabetic characters	1 alphabetic character
Minimum number of numeric character	1 numeric character
Minimum length of password	8 character
Whether the user's previous password can be reused	N (no, it cannot be reused)

The default wcsadmin administrator user that is shipped with WebSphere Commerce is assigned the Administrators policy.

Related concepts

Authentication policies

Authorization

Related tasks

Set up an account policy

Set up an account lockout policy

Enhancing site security