Local user password policy overview

You can specify the password policy for local users.

The password policy includes the following:

  • Enforcement type, which is one of the following:

  • Ivanti enforces the password complexity or strength when:

    • You add a new local user in the Admin Portal in Devices & Users > Users.
    • Local users change their password.
  • Number of failed attempts

    After the local user fails to enter the correct password after the specified number of attempts, Ivanti does not allow the user to login until the specified auto-lock time has expired.

  • Password history enforcement

    When you enforce password history, the local user cannot use the previous 4 passwords when changing his password.

Local user password complexity enforcement

You can enforce password complexity requirements on local user passwords. Complex requirements prevent local users from using passwords that are weak and therefore easy to guess. However, requirements that are too complex make using the user ID and password inconvenient for the user because they have to enter a more complicated or longer password. Therefore, when you choose the complexity requirements, consider both your security needs and you local user convenience.

You specify the following password complexity requirements:

  • Minimum and maximum password length
  • Minimum number of character classes in a password
  • Character classes are:
    • Lower case alphabetic characters
    • Upper case alphabetic characters
    • Numeric characters 0 through 9
    • Special characters, which are ! = ( { [ _ : - ; ~ , ) } ] @ # ^ | $

In addition to the requirements that you specify, Ivanti enforces the following requirements:

  • The password cannot have 4 or more repeating characters.
  • The password cannot be the same as the user ID.

Local user password strength enforcement

You can specify the local user password strength to enforce how strong a password must be. Setting the password strength prevents local users from using passwords that are weak and therefore easy to guess. However, setting the password strength too high makes using the user ID and password inconvenient for the user because they have to enter a more complicated or longer password. Therefore, when you choose the password strength requirement, consider both your security needs and your local user convenience.

In addition to your specified password strength, Ivanti enforces the following requirements:

  • The password length must be 128 or less.
  • The password cannot be the same as the user ID.