Updated: July 25, 2024 2:07pm

Password Policies
You can customize the policies that users must follow when creating and changing passwords using the following settings. 

Setting Description
Enforce strong password

If selected, a "strong" password is required. In Prism 2.3 and later you can customize the requirements for the "Enforce Strong Password" feature:

  • Password Minimum Length: Enter the desired minimum length of new passwords.
  • Password Requires Special Characters: If selected, new passwords must include a special character (!, @, #, $, %, &)
  • Password Requires Uppercase and Lowercase Character: If selected, new passwords must include an uppercase AND a lowercase character. Important! At least one alpha character is required if "Enforce Strong Password" is enabled.
  • Password Requires Number: If selected, new passwords must include a number (0-9).
Enforce password history for X days Enforce password history ensures that old passwords are not reused continually.  Users cannot repeat the same password after expiration for X days.
Password expires after X days Enter the number of days passwords can be used before they expire. If you enter 90, then users must change passwords every 90 days.
Prompt changing password X days before expiration User must change password after X days. User will be prompted to change their password upon login after expiration
Lock user account after X failed logon attempts  This setting limits the permitted number of failed password attempts. This prevents malicious users from trying one password after another in a brute force attack. A common setting is "3," which means that the account will be locked after the third failed password attempt.
User account lockout duration This setting determines the length of the lockout. If set to 30, then when a user's account is locked because of failed password attempts, the account will remain locked for 30 minutes and no one will be able to log in to the account during that time, even with the correct password

Sample Password Policy settings:
Password policy