Lotus Domino Administrator 8.5 Help - Custom password policies

SECURITY

Custom password policies
Recent changes to information protection and data privacy laws include specific requirements for the selection of secure passwords for identity verification. In order to help users comply with these laws, the ability to implement password restrictions on a policy basis has been added to IBM® Lotus® Domino®. The new feature enables administrators to enforce password requirements that will fit almost any set of corporate or government security requirements.

Custom password policies are created and applied through a security policy settings document.

Through a custom password policy, administrators can restrict or prohibit the use of the following in user passwords:

user name as part of the password
repeating characters
unique characters
use of special characters (punctuation characters) such as ! " # % & ' ( ) *, . / : ; ? @ [ \ ] _ { }
use of numbers, uppercase and lowercase characters
starting or ending passwords with certain character types
combinations of non-lower case characters

While custom password policies can be applied to all users, it should be noted that the requirement to change password on first log in can only apply to new users who have had the policy applied to them at registration. Users who are already registered will not be required to change their passwords when they login after the policy has been applied.

If the policy has been applied to a new user, the user must first authenticate with the server in order to be prompted to change password first use.

Custom password policies are downloaded to the IBM® Lotus® Notes® ID file when a user first authenticates to the home server. Once stored in the ID file, the policy settings will apply to the user's password the next time a user logs in to the Lotus Notes client, and the user will be prompted to change the password upon first use.

If the user does not change the password to conform to the policy, or cancels out of the Change Password dialog, the user receives an error message stating that the password does not meet policy requirements, and the Lotus Notes client shuts down.

Custom password policies do not have many validation checks. It is possible for an administrator to create a policy such that no password will ever meet the requirements (for example, maximum length = 4, minimum password quality = 8). Administrators need to make sure that the password policies they implement make sense and can be implmented.

Note Even if you establish a customized password policy, you must still enable "Check passwords on Notes IDs" in the server document in order for IBM® Lotus® Domino® to check password history.

Restrictions

Custom password policy settings will not:

support random password generation, either through User Registration or the User Security
apply to IDs protected with multiple passwords
apply to IDs protected with Smartcards

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary