The Global Security Options feature allows you to compel users to select strong passwords and set password lifetimes. The SBC 1000/2000 also incorporates several anti-hacking features that help prevent unauthorized access. The restrictions and limits set by this feature apply to local users only.
Password construction and lifetimes for AD and RADIUS users are controlled by their respective authorization schemes. However, RADIUS and AD users are still subject to lockouts due to failed login attempts.
After the administrator adds a new user, that user is prompted to enter a new password the first time they log into the SBC 1000/2000. Also, if an administrator resets a current user's password, the user's current session is terminated and the user is then prompted to enter a new password (compulsory password change).
New password entry is forced in these situations and the user will not be allowed to proceed with the login process until they have correctly entered a new password.
When a user exceeds the maximum number of failed attempts, they are locked out of the system for the time specified in the configuration. However, if the SBC 1000/2000 is rebooted, the lockout is terminated.
Unlike the various WebUI access users (Admin, Read-Only, etc.), REST users are not subject to the constraints of password complexity, forced password reset, or password lifetimes.
Configure the fields. See below for guidance.
Click Apply.
Field | Definition |
---|---|
Enhanced Password Security | Used to enable and disable Global Security Options. |
Minimum Password Length | Specifies the minimum number of characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled. |
Minimum Upper Case Characters | Specifies the minimum number of upper case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled. |
Minimum Lower Case Characters | Specifies the minimum number of lower case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled. |
Minimum Digit Characters | Specifies the minimum number of numeric characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled. |
Minimum Special Characters | Specifies the minimum number of special characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled. |
Minimum Delta Previous Password | Specifies the minimum number of characters which must be different from the previous password. This field is only available when Enhanced Password Security is enabled. |
Maximum Consecutive Characters | Specifies the maximum number of times any character may appear consecutively in a password. This field is only available when Enhanced Password Security is enabled. |
Set Password Lifetime | Enables and disables password lifetimes. |
Maximum Password Lifetime | Specifies the maximum lifetime of a password in days. This field is only available when Set Password Lifetime is enabled. Note: Users are required to enter a new conforming password at the next login subsequent to the expiration of their current password's lifetime. Although a user may not log into the SBC until they update their password, their account is not disabled. |
Number Failed Logins To Lockout | Specifies the maximum number of failed login attempts before the SBC locks out the user. |
Lockout Duration | Specifies the period of time, in minutes, the user is locked out of the SBC after reaching the maximum number of failed login attempts. |
Password Recovery | Enables/disables the Password Recovery mechanism for Admin passwords. If this field is set to True, you are able to initiate the password recovery mechanism for loss of the Admin password. Default entry: False. For detailed information, see Recovering Admin Passwords. This field is available for SBC 1000/2000 only. |
Password Display | For entering passwords, this field determines if a character entered in any password entry box displays as a typed character before displaying as a dot. Two options are available: True (a character typed in any password entry box is briefly displayed as a typed character before displaying as a dot) and False (a character typed in any password entry box is displayed as a dot). Default entry: False. |
Explicit Acknowledgement of Pre-Login Info | Determines whether the Acknowledge Pre-Login Message checkbox is displayed on the Pre-Login screen; this checkbox enables the user to acknowledge the Pre-Login message before entering the system. Default entry: False. |
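
The password construction fields in the table above can be expressed as a pre-check for candidate local-user passwords. This is an added example, not the SBC's own code: the threshold values, the sample passwords, the ASCII character classes, and the positional difference metric used for Minimum Delta Previous Password are assumptions, since the page does not define them.

```python
import string
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    # One attribute per table field; values are constructed, not SBC defaults.
    min_length: int = 8
    min_upper: int = 1
    min_lower: int = 1
    min_digit: int = 1
    min_special: int = 1
    min_delta_previous: int = 4
    max_consecutive: int = 2


def longest_run(password):
    """Length of the longest run of one repeated character."""
    best, run, prev = 0, 0, None
    for ch in password:
        run = run + 1 if ch == prev else 1
        best, prev = max(best, run), ch
    return best


def delta(new, old):
    """Assumed metric: differing positions plus the difference in length."""
    return sum(a != b for a, b in zip(new, old)) + abs(len(new) - len(old))


def count_in(password, alphabet):
    return sum(ch in alphabet for ch in password)


def violations(policy, new, previous=None):
    """Return the table fields that `new` fails; an empty list means it conforms."""
    minimums = {
        "Minimum Password Length": (len(new), policy.min_length),
        "Minimum Upper Case Characters": (count_in(new, string.ascii_uppercase), policy.min_upper),
        "Minimum Lower Case Characters": (count_in(new, string.ascii_lowercase), policy.min_lower),
        "Minimum Digit Characters": (count_in(new, string.digits), policy.min_digit),
        # Assumption: "special" means ASCII punctuation.
        "Minimum Special Characters": (count_in(new, string.punctuation), policy.min_special),
    }
    failed = [field for field, (have, need) in minimums.items() if have < need]
    if longest_run(new) > policy.max_consecutive:
        failed.append("Maximum Consecutive Characters")
    if previous is not None and delta(new, previous) < policy.min_delta_previous:
        failed.append("Minimum Delta Previous Password")
    return failed
```

Because REST users are exempt from the complexity constraints, a check like this is one way to hold REST credentials to the same standard before they are provisioned.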