---
title: Configuring a password policy
description: PingFederate applies a configurable policy to passwords, pass phrases, and shared secrets defined by administrators in the administrative console.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_config_password_policy
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_config_password_policy.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Configuring a password policy

PingFederate applies a configurable policy to passwords, pass phrases, and shared secrets defined by administrators in the administrative console.

## About this task

These fields include, but are not limited to:

* Passwords used by HTTP Basic authentication for:

  * Inbound SOAP messages from partners via back-channel calls

  * WS-Trust STS

* Shared secrets used by the credentials defined for:

  * Attribute Query

  * Java Management Extensions (JMX)

  * Connection Management

  * Single sign-on (SSO) Directory Service

* Passwords used by instances of the Simple Username Password Credential Validator (PCV)

* Passwords used for encrypting certificates exported with their private keys

* Pass phrases used by identity provider (IdP) Discovery

* Passwords used by administrative console credentials when native authentication is used

|   |                                                                                                                                     |
| - | ----------------------------------------------------------------------------------------------------------------------------------- |
|   | Passwords external to PingFederate, such as passwords used by instances of the datastores, are not subject to this password policy. |

## Steps

1. Edit the `<pf_install>/pingfederate/server/default/data/config-store/password-rules.xml` file.

2. Save the changes.

3. Restart PingFederate.

   For a clustered PingFederate environment, perform these steps on the console node. You do not have to change or restart PingFederate on the engine nodes.