Password policies
A password policy dictates the strength and complexity requirements for a password or passphrase. You can choose or define a policy that fits the needs of your organization.
PingOne allows you to assign password policies to populations and includes three policy types by default. You can customize these policies or create new policies to meet the password requirements for users in the population. Learn more in the Password policy comparison table.
The default password policies include:
-
Standard (default): The standard password policy incorporates industry best practices for a typical password policy.
-
Passphrase: The passphrase policy encourages users to use a passphrase instead of a password for stronger authentication. A passphrase can be easier to remember and more secure because of its length.
-
Basic: The basic password policy is a more relaxed standard that allows for maximum customer flexibility. Because users are not required to change their passwords, the basic policy can be less secure.
Learn more about viewing, adding, modifying, or deleting password policies in Managing password policies.
Password policy comparison
Standard | Passphrase | Basic | |||
---|---|---|---|---|---|
Password Requirements |
|||||
Not the same as current password (always enabled). |
Yes |
Yes |
Yes |
||
Is not an exact match for any of the attribute values in the user profile. |
Yes |
Yes |
No |
||
Not similar to current password.
|
Yes |
Yes |
No |
||
Not a common password. |
Yes |
Yes |
Yes |
||
Has a computational complexity of at least 7 days, based on the Gibson Research Corporation Password Haystacks concept. |
No |
Yes |
No |
||
No more than two consecutive repeated characters. For example, |
Yes |
No |
No |
||
At least five unique characters. |
Yes |
No |
No |
||
Between 8 and 255 characters. |
Yes |
No |
Yes |
||
At least one of the following special characters: ~!@#$%^&*()-_=+[]\{}|;:,.<>/? |
Yes |
No |
Yes |
||
At least one number. |
Yes |
No |
Yes |
||
At least one uppercase letter. |
Yes |
No |
Yes |
||
At least one lowercase letter. |
Yes |
No |
Yes |
||
No more than two or three sequential numbers (configurable). For example, |
No |
No |
No |
||
No more than two or three sequential letters (configurable). For example, |
No |
No |
No |
||
No more than three sequential QWERTY keyboard characters. For example, |
No |
No |
No |
||
No more than three sequential symbol row characters. For example, |
No |
No |
No |
||
Supports all printable UTF-8 characters. |
Yes |
Yes |
Yes |
||
Password Policy Rules |
|||||
Previous passwords maintained in history for 1 year. |
6 |
6 |
None |
||
Expires |
182 days |
Never |
182 days |
||
User can change their password after. |
1 day |
1 day |
Never |
||
Account Lockout Rules |
|||||
Allowed failed attempts. |
After five failed attempts, the user is locked out |
5 |
5 |
||
Automatic unlock period. |
Accounts locked after maximum failed attempts are unlocked after 15 minutes |
15 minutes |
15 minutes |