Default Password Policies for RapidIdentity

RapidIdentity ships with a default password policy intended to keep environments secure. With a good password management system, Administrators can build on these defaults by adding further authentication criteria.
The existing policies are as follows:

| Policy | Default Value | Definition |
| --- | --- | --- |
| Required Character Sets | 4 | At least one character from each standard character type: lowercase a-z, uppercase A-Z, digits 0-9, and special characters !"#$%&'()*+,-./:;=?@^_ |
| Minimum Length | 8 | The minimum length a password must have in order to be accepted as valid. |
| Maximum Length | 255 | The maximum length a password can have and still function within the system. |
| Max Failure | 5 | Locks a user out after 5 incorrect passwords have been entered. |
| Failed Attempts Within | 5 min | The time window within which the failed login attempts must occur to trigger a lockout. |
| Lockout Duration | 0 | A user who has been locked out for incorrect passwords remains locked out indefinitely, until an Administrator attends to the issue. |
| Password Must Change | TRUE | Each time a user is required to change their password, the new password must differ from the previous one. |
| Password Allow User Change | TRUE | Users can change their own passwords when needed, provided they are not locked out. |
| Matching Attributes | Set | Users cannot include account attributes in their passwords, such as firstName, lastName, username, etc. |
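The following is an added example, not RapidIdentity's own code: a small validator that enforces the defaults from the table above (length bounds, four required character sets with the listed special characters, Password Must Change, Matching Attributes) plus a lockout counter implementing Max Failure 5 within a 5-minute window with no automatic unlock. The attribute names, sample passwords and timestamps are constructed for illustration.

```python
from typing import Dict, List

# Constructed re-implementation of the documented defaults; not RapidIdentity's code.
SPECIAL_CHARS = set('!"#$%&\'()*+,-./:;=?@^_')   # special-character set from the table
MIN_LENGTH, MAX_LENGTH = 8, 255
REQUIRED_CHARACTER_SETS = 4
MAX_FAILURES, FAILURE_WINDOW_SECONDS = 5, 5 * 60  # Max Failure 5 within 5 min

def character_sets(password: str) -> int:
    """Count how many of the four standard character types the password uses."""
    present = [
        any("a" <= c <= "z" for c in password),   # lowercase a-z
        any("A" <= c <= "Z" for c in password),   # uppercase A-Z
        any("0" <= c <= "9" for c in password),   # digits 0-9
        any(c in SPECIAL_CHARS for c in password),
    ]
    return sum(present)

def validate_password(password: str, attributes: Dict[str, str],
                      previous: str = "") -> List[str]:
    """Return every policy violation; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than minimum length 8")
    if len(password) > MAX_LENGTH:
        problems.append("longer than maximum length 255")
    if character_sets(password) < REQUIRED_CHARACTER_SETS:
        problems.append("missing one or more required character sets")
    if previous and password == previous:       # Password Must Change
        problems.append("must differ from previous password")
    lowered = password.lower()                  # Matching Attributes (case-insensitive)
    for name, value in attributes.items():      # e.g. firstName, lastName, username
        if value and value.lower() in lowered:
            problems.append(f"contains account attribute {name}")
    return problems

class LockoutTracker:
    """Max Failure 5 inside a 5-minute window; Lockout Duration 0 = locked until an admin acts."""
    def __init__(self) -> None:
        self.failures: List[float] = []   # timestamps (seconds) of recent failed logins
        self.locked = False

    def record_failure(self, now: float) -> bool:
        """Record one failed login at time `now`; return whether the account is locked."""
        window_start = now - FAILURE_WINDOW_SECONDS
        self.failures = [t for t in self.failures if t > window_start] + [now]
        if len(self.failures) >= MAX_FAILURES:
            self.locked = True                # stays True: no automatic unlock
        return self.locked
```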

Recommended Ways to Improve Password Security:

  • Use Multi-Factor Authentication policies for the majority of users (WebAuthn, Pictograph, PingMe, etc.).
  • Enforce a stronger password standard by requiring more characters (10 or more) and more characters of each type (for example, 3 special characters, uppercase letters or numbers).
  • Create a restricted list of passwords that are automatically rejected during verification (mascots, school names, town name, etc.).