Complexity Requirements
By default, a user can specify any type of password. This means that a user's password can be very insecure (e.g., no password) or extremely secure. Although some users may have secure passwords, those users that have a weak password compromise all content that they can access. To ensure a minimum level of security, you can require that users create passwords that meet a minimum level of complexity. When determining how complex passwords must be, you can use a predefined complexity level or you can tailor the settings to meet your organization's needs. The settings that determine the minimum password complexity level are explained below.
- You can determine if a password can contain the name of the user that is setting the password. A password that contains a user's name is considered weak and can be easily defeated.
Note: User names that contain fewer than three characters are not affected by this option.
- You can specify the minimum number of characters that a password must contain. Short passwords are easier to defeat than long ones. At the same time, users may not be comfortable remembering long passwords. This may lead to users writing down their password where others may see it. Therefore, you will need to find a password length that is relatively secure without being too cumbersome for users to remember.
- You can require that a password use multiple types of characters. A password is considered to use a character set when one or more characters in that set are used in the password. The password "My1stPassword!" uses all four character sets. The use of multiple types of characters makes it harder for a hacker to figure out a user's password. A list of the available character sets is provided below.
- English uppercase letters (i.e., A - Z)
- English lowercase letters (i.e., a - z)
- Numbers (i.e., 0 - 9)
- Non-alphanumeric characters (e.g., !, @, $, etc.)
Note: Although you may require that new passwords consist of multiple character sets, you cannot specify which character sets must be used.
To set password complexity settings
-
- In the console tree, expand the desired Laserfiche Server item.
- Select the desired Laserfiche repository.
- If security has been enabled on the selected repository, log in as any user who has been granted the Manage Repository Configuration privilege.
- Expand the
Repository Options item. - Click the Password Policy item.
- From the Action
menu, click Properties. The Password
Policy Properties
dialog box will appear.
- On the Complexity tab, do one of the following:
- To enforce no password complexity, set the Current level of security option to "None."
- Set the password complexity to a predefined level. Choose either "Moderate" or "High" from the Current level of security option.
- To customize password complexity settings, click Custom. The Customize Password Complexity dialog box will appear. Do the following:
- From the Minimum number of character sets option, select the minimum number of character sets that must be used in a new password.
- To make sure that users only set passwords that meet or exceed a particular length, select the Set a minimum password length check box. In the Minimum password length option, select the minimum number of characters that a password must contain.
- To prevent users from using their name as a part of the password, select the Reject passwords containing the user name check box.
- Click OK.
- The Password Policy Properties dialog box will summarize the selected password complexity settings for your review. Click OK to save your changes.
To set password complexity settings
- Start the Laserfiche Web Administration Console.
- Select the desired Laserfiche Server.
- Select the desired Laserfiche repository.
- Log in as any user who has been granted the Manage Repository Configuration privilege.
- Under Accounts, click Laserfiche Users/Groups.
- Click Password Policy, in the upper right above the list of users. Click to view screenshot.
- Under Complexity, do one of the following:
- To enforce no password complexity, set the Current level
of security option to "None." Click to view screenshot.
- Set the password complexity to a predefined level. Choose either "Moderate" or "High" from the Current level of security option.
- To customize password complexity settings, click Custom. Do the following:
- From the Minimum number of character sets option, select the minimum number of character sets that must be used in a new password.
- To make sure that users only set passwords that meet or exceed a particular length, select the Set a minimum password length check box. In the Minimum password length option, select the minimum number of characters that a password must contain.
- To prevent users from using their name as a part of the password, select the Reject passwords containing the user name check box.
- Click OK to save your changes.