--- title: Configure the directory password policy description: You need to be either a Global Administrator or Identity Repository Administrator to configure the password policy for your directory users. You will edit the default password policy to assign password requirements, expiration settings and lockout settings. component: pingoneforenterprise page_id: pingoneforenterprise:pingone_for_enterprise:p14e_configure_p1d_password_policy canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise/p14e_configure_p1d_password_policy.html revdate: March 28, 2023 section_ids: about-this-task: About this task steps: Steps --- # Configure the directory password policy ## About this task You need to be either a Global Administrator or Identity Repository Administrator to configure the password policy for your directory users. You will edit the default password policy to assign password requirements, expiration settings and lockout settings. | | | | - | --------------------------------------------------------------------------------------- | | | The PingOne for Enterprise Directory uses HMAC SHA-256 with salt for hashing passwords. | ## Steps 1. Go to **Setup > Directory Settings > Password Requirements**. 2. Change any of the minimum requirement settings as needed: | Setting | Description | | ---------------------------- | ----------------------------------------------------------------------- | | Minimum Length | The minimum number of characters required. | | Minimum Uppercase Characters | The minimum number of uppercase characters required. | | Minimum Numbers | The minimum number of numbers required. | | Minimum Special Characters | The minimum number of special characters required (such as, @ # ! % &). | | Block Dictionary Words | If enabled, common dictionary words aren't allowed as passwords. | | Block Prior Passwords | If enabled, previously used passwords aren't allowed. | 3. Assign any of the password expiration settings as needed: | Setting | Description | | ----------------------------- | -------------------------------------------------------------------------------------------------------- | | Password Duration | The number of days a password remains valid. When set to 0 (zero), passwords will never expire. | | First Notification | The user will receive their first notice of an expiring password this number of days before expiration. | | Second Notification | The user will receive their second notice of an expiring password this number of days before expiration. | | Password Expiry Notifications | When enabled, an email notification is sent to users prior to their password expiring. | 4. Change any of the account lockout settings as needed: | Setting | Description | | --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | Consecutive Failures to Trigger Lockout | The number of consecutive, failed attempts to sign on needed to trigger an account lockout. | | Consecutive Failure Timeframe | The length of time a user remains locked out (in minutes). | | Lockout Duration | The length of time without user activity (in minutes) that's needed before the count of failed sign on attempts is reset to zero. | | Password Lockout Notifications | When enabled, an email notification is sent to users when their password has expired and they are locked out. |