Password complexity rules
The password complexity rules are predefined and depend on the rights of each user. You may need to adjust the rule set to meet the needs of your application.
Pre-defined rule sets
With firmware 2022.0 LTS and 2023.0 LTS, the "Admin Ruleset" and the "Default Ruleset" are pre-defined as described below.
- Adapt the rule set to the conditions of your application.
Admin Ruleset
We advise that the user roles Admin, SecurityAdmin, SecurityAuditor, UserManager, CertificateManager and Engineer have the rule set "Admin Ruleset" by default. The following password rules are set:
- The username must not be included in the password.
- The last five passwords must not be reused.
- The password must contain at least ten characters.
- The password must contain at least one uppercase letter and one lowercase letter.
- The password must contain at least one number.
- The password must contain at least one symbol. The allowed symbols are:
{}()[]#,;.:^?!|_'~@$%/\=+-*&
Default Ruleset
All other user roles may have the rule set "Default Ruleset" by default:
- The username must not be included in the password.
- The last five passwords must not be reused.
- The password must contain at least eight characters.
- The password must contain at least one uppercase letter and one lowercase letter.
- The password must contain at least one number.
• Published/reviewed: 2024-12-16 • Revision 016 •