31.6 Securing User Passwords

You can require that user passwords to the Filr site meet certain criteria by enabling password complexity checking. Only locally created users and external users are affected by this setting; users whose accounts are synchronized to Filr via LDAP are not affected.

Users’ existing passwords are not forced to comply with the password policy; only when a user changes his or her password is the password policy put into effect.

When you enable password complexity checking in Filr, Filr requires that passwords:

  • Are at least 8 characters in length

  • Do not contain the user’s first name, last name, or user ID (these restrictions are not case-sensitive)

  • Contain at least 3 of the following:

    • A lower-case character

    • An upper-case character

    • A number

    • One of the following symbols: ~ @ # $ % ^ & * ( ) - + { } [ ] | \ ? / , . < >

To enable password policy checking on the Filr site:

  1. Log in to the Filr site as the Filr administrator.

  2. Click the admin link in the upper-right corner of the page, then click the Administration Console icon .

  3. Under System, click Password Policy.

  4. Select Enable Password Complexity Checking for Local and External Users, then click OK.