Password policies

The system enforces a default system-wide user password policy for local users. The password policy does not apply to users authenticated from remote directories.

The default password policy includes password aging rules, password complexity rules, password history, and user lockout rules. An admin user can update the default policy settings as needed. The default policy also applies to the admin user.

Note: Nokia recommends that system administrators configure a password policy for production deployments.

Modifying the default password policy

A user who is assigned the system-administrator role can modify the default password policy. To perform this procedure, go to System Administration > USER MANAGEMENT > Password Policy page in the UI.

  1. Click Create.
  2. Modify any of the following fields:
    • Minimum Length: the minimum length of a password
    • Minimum Lowercase Characters: the minimum number of lowercase characters
    • Minimum Special Characters: the minimum number of symbols or special characters
    • Password History the number of passwords to keep and validate against
    • Minimum Uppercase Characters: the minimum number of uppercase characters
    • Minimum numbers: the minimum number of numerical characters
    • Allow Username : specifies whether the username can be used as a password
    • Password Expiry: the duration, in days, for a password to remain valid
    • Hashing Algorithm: select from ARGON2 (the default), PBKDF2-SHA512, PBKDF2-SHA256, or PBKDF2
  3. Modify the lockout policy settings.
    • Maximum Login Failures: the maximum consecutive failed login attempts before account lockout
    • Failure Wait Duration: duration, in seconds, to wait after reaching the maximum login failures before retry is allowed
    • Permanent Lockout: Lock the account permanently after maximum number of failed logins
    • Reset time (Required): Duration, in seconds, after which failed login attempts are reset