Password complexity rules 

The password complexity rules are predefined and depend on the rights of each user. You may need to adjust the rule set to meet the needs of your application.

Pre-defined rule sets

With firmware 2022.0 LTS and 2023.0 LTS,  the "Admin Ruleset" and the "Default Ruleset" are pre-defined as described below.

• Adapt the rule set to the conditions of your application.

Admin Ruleset

We advise that the user roles Admin, SecurityAdmin, SecurityAuditor, UserManager, CertificateManager and Engineer have the rule set "Admin Ruleset" by default. The following password rules are set:

• The username must not be included in the password.
• The last five passwords must not be reused.
• The password must contain at least ten characters.
• The password must contain at least one uppercase letter and one lowercase letter.
• The password must contain at least one number.
• The password must contain at least one symbol. The allowed symbols are: {}()[]#,;.:^?!|_'~@$%/\=+-*&

Show a screenshot of the tab with the Admin RulesetShow a screenshot of the tab with the Admin Ruleset

 

Default Ruleset

All other user roles may have the rule set "Default Ruleset" by default: 

• The username must not be included in the password.
• The last five passwords must not be reused.
• The password must contain at least eight characters.
• The password must contain at least one uppercase letter and one lowercase letter.
• The password must contain at least one number.

Show a screenshot of the tab with the Default RulesetShow a screenshot of the tab with the Default Ruleset