What are the user password policies?

Introduction

When an operator attempts to sign in to the NSP and a password change is required, the new password must conform to the password policy of the authenticating agent, as described in the following table.

Authenticating agent

Requirement

NSP OAUTH2

User password complexity rules are configurable; the following are the default rules.An NSP OAUTH2 user password must:

  • have at least ten characters

  • not be the same as the previous three passwords

  • include at least one of the following special characters

    ( ) ? ~ ! @ # $ % & * _ +

  • include at least one lowercase character

  • include at least one uppercase character

  • include at least one digit

  • not be the username

  • not equal the email address

NFM-P

When an NFM-P-authenticated user is prompted to change their password during an NSP login attempt, the new password must conform to the NFM-P password requirements. See NFM-P user security for the NFM-P password requirements and expiration policy.

WS-NOC

When a WS-NOC-authenticated user is prompted to change their password during an NSP login attempt, the password must conform to the WS-NOC password requirements, which are described in the Common Functions section of the WS-NOC Administration Guide.

LDAP, RADIUS and TACACS+

A password-change policy is not applied during an NSP user login attempt. If a password change is required, the user must contact the system administrator for information about the LDAP, RADIUS, or TACACS+ password requirements.