Local user password strength enforcement details
The following table summarizes the fields of the local user password policy when using password strength enforcement:
Field | Description | Default value |
Enable Password Strength Enforcement | Select this field when you want to apply password strength requirements to local user passwords. | Not selected |
Number of Failed attempts | Specify the number of failed attempts that a local user can make when entering his password. After this number of attempts, Ivanti EPMM does not allow the user to log in until the specified auto-lock time has expired. After the auto-lock time expires, each failed login attempt results in Ivanti EPMM not allowing the user to log in until the auto-lock time expires again. Valid values are 1 through 16. | 5 |
Auto-Lock Time | Specify how much time in seconds, minutes, hours, or days the local user must wait before he can log in after exceeding the number of failed attempts. Valid values are 0 through 3600 seconds (60 minutes). | 30 seconds |
Enforce Passcode History (Last 4 passwords) | Select Enable if you do not want to allow a local user to use the previous 4 passwords when changing his password. To allow a local user to use the previous 4 passwords, select Disable. | Enable |
Password Strength | Select a value between 0 and 100, where 0 is the weakest requirement, and 100 is the strongest requirement. You can enter a value or move the slider. For details, see Local user password strength value descriptions. | 35 |
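The lockout behaviour described for Number of Failed attempts and Auto-Lock Time, modelled as an added example (not Ivanti code) to show how many password guesses a given setting still lets through per day, which is the rate a throttled online attack is limited to. The class and function names are hypothetical, and the model assumes that a successful login resets the failure count and that an auto-lock time of 0 means no throttling, neither of which the page states.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    failed_attempts: int = 5      # page default for "Number of Failed attempts"
    auto_lock_seconds: int = 30   # page default for "Auto-Lock Time"

    def __post_init__(self):
        # Valid ranges as stated in the table.
        if not 1 <= self.failed_attempts <= 16:
            raise ValueError("failed attempts must be 1 through 16")
        if not 0 <= self.auto_lock_seconds <= 3600:
            raise ValueError("auto-lock time must be 0 through 3600 seconds")

class Account:
    """Hypothetical model of one local user under the policy."""
    def __init__(self, policy):
        self.policy = policy
        self.failed = 0
        self.locked_until = 0

    def attempt(self, now, password_ok):
        if now < self.locked_until:
            return "locked"            # rejected without checking the password
        if password_ok:
            self.failed = 0            # assumption: a successful login resets the count
            return "ok"
        self.failed += 1
        if self.failed >= self.policy.failed_attempts:
            # The count is not reset on expiry, so every later failure re-locks.
            self.locked_until = now + self.policy.auto_lock_seconds
        return "failed"

def max_guesses(policy, window_seconds):
    """Wrong guesses that get evaluated in the window when retried as early as possible."""
    if policy.auto_lock_seconds == 0:
        return None                    # assumption: a zero lock time never throttles
    account, now, evaluated = Account(policy), 0, 0
    while now < window_seconds:
        if account.attempt(now, False) == "failed":
            evaluated += 1
        now = max(now, account.locked_until)
    return evaluated

if __name__ == "__main__":
    for policy in (LockoutPolicy(), LockoutPolicy(16, 3600)):
        print(policy, "->", max_guesses(policy, 86400), "guesses per day")
```

Comparing the two results shows that the auto-lock time, not the attempt count, dominates how many guesses get through over a long window.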
Local user password strength value descriptions
The following table describes the local user password strength values:
Strength value | Description | Examples |
0 - 20 | Weak: risky password | |
21 - 40 | Fair: protection from throttled online attacks. Throttled online attacks are attacks to guess the passcode which are: Rate-limited attacks are limited to some number of attempts per time period. | |
41 - 60 | Good: protection from unthrottled online attacks. Unthrottled online attacks are attacks to guess the passcode which are: | |
61 - 80 | Strong: moderate protection from offline slow-hash scenario. An offline slow-hash scenario is a sophisticated algorithm for guessing a passcode. The algorithm runs offline from the device after copying passcode-related files from the device. | |
81 - 100 | Very strong: strong protection from offline slow-hash scenario | |