Secure > Enhance site security


Set up a password policy

The Password Policy page of the Administration Console allows you to control a user's password selection in order to define the characteristics of the password to ensure that it complies with the security policy for the site. This page lists all existing password policies including any predefined ones supplied with WebSphere Commerce by default.

A password policy defines attributes with which the password must comply:

You can manage password policies...


Procedure

  1. Open the Administration Console and select Site on the Administration Console Site/Store Selection page.

  2. Click Security > Password Policy. The Password Policy page is displayed.

  3. Click New to create a new password policy.

  4. Enter a name for the password policy in the Name field (for example, my_password_policy).

  5. Update the following as required to modify any of the values from the default value for customers:

    Option Description
    Can the userID and password match? Defines whether the userID and password can be identical or not. Select either Yes or No from the list.
    Maximum consecutive character types Defines the maximum occurrence of consecutive characters in a password. The minimum value is 2 consecutive characters. For example, with a value of 2, a user cannot enter a password such as aaabc.
    Maximum instances of any character. Defines the maximum number of times the same character can appear in a password. The minimum value is 1 instance of a character. For example, with a value of 2, a user cannot enter a password such as abcaabc.
    Maximum lifetime of the passwords. Defines the maximum amount of time, in days, that a password can exist. The minimum value is 1 day. After this time period, a user is prompted to change their password.
    Minimum number of alphabetic characters Defines the minimum number of alphabetic characters that need to be in a password. The minimum value is 0 alphabetic characters.
    Minimum number of numeric characters Defines the minimum number of numeric characters that need to be in a password. The minimum value is 0 numeric characters.
    Minimum length of password Defines the smallest length of a password, in characters. The minimum value is 1 character.
    Numbers of passwords that are kept in password history Defines the number of previous passwords to check against when the user selects a new password.

    By default, when you create a new password policy, a user's four previous passwords cannot be reused.

  6. Click OK.

    Notes:

    1. You cannot delete a password policy if it is in use (that is, a user is assigned to the password policy).

    2. Password policies are enforced only if users are authenticated against the WebSphere Commerce database.
    See Default authentication policies for additional information.


+

Search Tips   |   Advanced Search