API Gateway 10.5 | Using API Gateway | User Management | Manage Users, Groups, and Teams | Setting Password Restrictions
 
Setting Password Restrictions
For security purposes, API Gateway places length and character restrictions on passwords for administrator and non-administrator users.
*To set password restrictions
1. Expand the menu options icon , in the title bar, and select User management.
2. Click Account settings > Password restrictions.
3. Provide the following information to set the required password restrictions.
Field
Description
Enable password change
Specifies whether users are allowed to change their passwords.
This is selected by default.
Password enforcement mode
Specifies whether Administrator users are allowed to choose passwords that are not impacted by the password restriction settings.
When this property is set to Strict, API Gateway enforces the password restrictions.
When set to Lax, the password restrictions are not enforced.
Minimum password length
Specifies the minimum number of characters (alphabetic characters, digits, and special characters combined) the password must contain.
The default value is 8.
Maximum password length
Specifies the maximum number of characters (alphabetic characters, digits, and special characters combined) the password must contain.
Maximum number of characters that a password can have is 128.
The default value is 64.
Minimum number of uppercase characters
Specifies the minimum number of uppercase alphabetic characters the password must contain.
The default value is 0.
Minimum number of lowercase characters
Specifies the minimum number of lowercase alphabetic characters the password must contain.
The default value is 0.
Minimum number of digits
Specifies the minimum number of digits the password must contain.
The default value is 0.
Minimum number of special characters (neither alphabetic nor digits)
Specifies the minimum number of special characters, such as asterisk (*), period (.), and question mark (?) the password must contain.
Note:
The use of special characters is regulated by the following restrictions:
*A password cannot begin with an asterisk (*).
*Passwords cannot contain quotation marks ("), backslashes (\), ampersands (&), or less-than signs (<). Use the watt.server.illegalUserChars configuration property to restrict the use of additional characters.
The default value is 0.
Maximum number of identical characters in a row
Specifies the maximum number of identical characters in a row a password can contain.
The default value is 3.
Number of old passwords to remember (per user)
Specifies the maximum number of previously set passwords that API Gateway saves for a user (excluding the current password).
You cannot choose a password that matches any of the stored passwords. Maximum number of saved passwords is 12.
The default value is 0.
4. Click Save.