Password policies - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle: pingone
ft:publication_title: PingOne Cloud Platform
Product_Version_ce: PingOne; PingOne Cloud Platform
category: Administratorguide; ContentType; Guide; Product; Productdocumentation; p1; p1cloudplatform
ContentType_ce: Guide; Product documentation; Guide > Administrator Guide

A password policy dictates the strength and complexity requirements for a password or passphrase. You can choose or define a policy that fits the needs of your organization.

PingOne allows you to assign password policies to populations and includes three policy types by default. You can customize these policies or create new policies to meet the password requirements for users in the population. For more information, see Password policy comparison.

The default password policies include:

Standard (default) - The standard password policy incorporates industry best practices for a typical password policy.
Passphrase - The passphrase policy encourages users to use a passphrase instead of a password for stronger authentication. A passphrase can be easier to remember and more secure because of its length.
Basic - The basic password policy is a more relaxed standard that allows for maximum customer flexibility. Because users are not required to change their passwords, the basic policy can be less secure.

To view, add, modify, or delete password policies, see Managing password policies.

Password policy comparison

	Standard	Passphrase	Basic
Contains no sub strings that match user attributes.	Yes	Yes	No
Not similar to current password. Note: PingOne checks the Levenshtein distance between the two passwords to ensure they are not too similar. The Levenshtein distance counts the number of characters added to, removed from, or replaced from the old password to the new password. If the Levenshtein distance is less than 3, then the password will be rejected as too similar. For example, changing a password from `kitten` to `smitten` would have a Levenshtein distance of 2, and be rejected as too similar.	Yes	Yes	No
Not a common password.	Yes	Yes	Yes
No more than two consecutive repeated characters. For example, `good-apple` is acceptable but `goood-appple` is not.	Yes	No	No
At least five unique characters.	Yes	No	No
Between 8 and 255 characters.	Yes	No	Yes
At least one number.	Yes	No	Yes
At least one lowercase letter.	Yes	No	Yes
At least one uppercase letter.	Yes	No	Yes
At least one of the following special characters: ~!@#$%^&*()-_=+[]{}\|;:,.<>/?	Yes	No	Yes
Has a computational complexity of at least seven days based on the Gibson Research Corporation Password Haystacks concept.	No	Yes	No
Supports all printable UTF-8 characters.	Yes	Yes	Yes
Allowed failed attempts.	After five failed attempts, the user is locked out for 15 minutes	5	5
Expires	182 days	Never	182 days