Default account policies

Default account policies

WebSphere Commerce provides two default account policies: Administrators and Shoppers.

Administrators account policy
This policy is the default account policy for administrators. This policy defines the default account lockout policy and default password policy.
The default account lockout policy contains the following attributes:

Attribute Default value
Account lockout threshold
Note: Account lockout does not work with LDAP enabled.
3 attempts
Consecutive unsuccessful login delay 20 seconds

The default password policy contains the following attributes:

Attribute Default value
Whether the user ID and password can match N (no, they cannot match)
Maximum occurrence of consecutive characters 3 characters
Maximum instances of any character 4 instances
Maximum lifetime of the passwords 90 days
Minimum number of alphabetic characters 1 alphabetic character
Minimum number of numeric characters 1 numeric character
Minimum length of password 8 character
Number of previous passwords to check against when the user selects a new password 4 passwords
The default wcsadmin administrator user that is shipped with WebSphere Commerce is assigned the Administrators policy.

Shoppers account policy
This policy is the default account policy for customers who shop on the store. This policy contains the default account lockout policy and default password policy for our customers.
The default account lockout policy for customers contains the following default attributes:

Attribute Default value
Account lockout threshold
Note: Account lockout does not work with LDAP enabled.
6 attempts
Consecutive unsuccessful login delay 10 seconds

The default password policy for customers contains the following default attributes:

Attribute Default value
Whether the user ID and password can match N (no, they cannot match)
Maximum occurrence of consecutive characters¹ 3 characters
Maximum instances of any character 4 instances
Maximum lifetime of the passwords 180 days
Minimum number of alphabetic characters 1 alphabetic character
Minimum number of numeric characters 1 numeric character
Minimum length of password 6 characters
Number of previous passwords to check against when the user selects a new password 1 password

¹ For example, a password of 123xyXYZ is valid, but a password of 1234xyXYZ is not since "1234" is more than three consecutive characters.
Customers that complete self-registration are assigned the Shoppers policy.

Attribute	Default value
Account lockout threshold Note: Account lockout does not work with LDAP enabled.	3 attempts
Consecutive unsuccessful login delay	20 seconds

Attribute	Default value
Whether the user ID and password can match	N (no, they cannot match)
Maximum occurrence of consecutive characters	3 characters
Maximum instances of any character	4 instances
Maximum lifetime of the passwords	90 days
Minimum number of alphabetic characters	1 alphabetic character
Minimum number of numeric characters	1 numeric character
Minimum length of password	8 character
Number of previous passwords to check against when the user selects a new password	4 passwords

Attribute	Default value
Account lockout threshold Note: Account lockout does not work with LDAP enabled.	6 attempts
Consecutive unsuccessful login delay	10 seconds