What are user password policies?

Introduction

When an operator attempts to sign in to the NSP and a password change is required, the new password must conform to the password policy of the authenticating agent, as described in the following table.

Authenticating agent	Requirement
NSP	User password complexity rules are configurable; the following are the default rules. An NSP local user password must: have at least ten characters not be the same as the previous three passwords include at least one of the following special characters `( ) ? ~ ! @ # $ % & * _ + ^` The colon `:` character must never be used in an NSP password. HTTP clients that will send the password in a POST request must URL-encode certain characters. To include the % or + character in a password, they must be specified as the escape codes `%25` or `%2B`, respectively. The % character is used for URL-encoding special characters and it is handled differently when the NSP system acquires an access token. When a user logs in to the NSP GUI with the % or + character, it is already URL-encoded. The other special characters mentioned here do not require the URL-encoded character representation. Example: If the desired login password is Main%street8, it must be specified as Main%25street8 in an HTTP client POST request. include at least one lowercase character include at least one uppercase character include at least one digit not be the username not equal the e-mail address
WS-NOC	When a WS-NOC-authenticated user is prompted to change their password during an NSP login attempt, the password must conform to the WS-NOC password requirements, which are described in the User ID and passwords rules section of the WS-NOC Platform Feature Guide.
LDAP, RADIUS and TACACS+	A password-change policy is not applied during an NSP user login attempt. If a password change is required, the user must contact the system administrator for information about the LDAP, RADIUS, or TACACS+ password requirements.

Authenticating agent

Requirement

NSP

User password complexity rules are configurable; the following are the default rules. An NSP local user password must:

have at least ten characters
not be the same as the previous three passwords
include at least one of the following special characters

( ) ? ~ ! @ # $ % & * _ + ^

The colon : character must never be used in an NSP password.

HTTP clients that will send the password in a POST request must URL-encode certain characters. To include the % or + character in a password, they must be specified as the escape codes %25 or %2B, respectively. The % character is used for URL-encoding special characters and it is handled differently when the NSP system acquires an access token. When a user logs in to the NSP GUI with the % or + character, it is already URL-encoded. The other special characters mentioned here do not require the URL-encoded character representation.

Example: If the desired login password is Main%street8, it must be specified as Main%25street8 in an HTTP client POST request.
include at least one lowercase character
include at least one uppercase character
include at least one digit
not be the username
not equal the e-mail address

WS-NOC

When a WS-NOC-authenticated user is prompted to change their password during an NSP login attempt, the password must conform to the WS-NOC password requirements, which are described in the User ID and passwords rules section of the WS-NOC Platform Feature Guide.

LDAP, RADIUS and TACACS+

A password-change policy is not applied during an NSP user login attempt. If a password change is required, the user must contact the system administrator for information about the LDAP, RADIUS, or TACACS+ password requirements.