A password policy is a set of rules created to better secure information and stored data by motivating users to create dependable, strong passwords and then store and use them properly.
To create a strong password, the user should be aware of the criteria for one. These criteria include the following:
- A strong password must be at least 8 characters long.
- It should not contain any of your personal information—specifically your real name, user name, or even your company name.
- It must be clearly different from your previously used passwords.
- It should not contain any complete word.
- It should contain characters from the four primary categories: uppercase letters, lowercase letters, numbers, and symbols.
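The criteria above can be checked mechanically. The following is an added example, not OrangeHRM's own code: the function name `check_password`, the small `COMMON_WORDS` list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# dictionary or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "orange", "summer", "dragon", "monkey"}

# Undo common symbol-for-letter swaps so "P@ssw0rd" is still seen as a word.
LEET = str.maketrans("013457@$!", "oleastasi")

# The four character categories named in the criteria.
CATEGORIES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def check_password(password, personal_info=(), previous=()):
    """Return the criteria the candidate fails; an empty list means it passes."""
    failures = []
    lowered = password.lower()
    forms = (lowered, lowered.translate(LEET))  # as typed, and de-substituted

    if len(password) < 8:
        failures.append("shorter than 8 characters")

    # Real name, user name, company name: split into tokens and search for each.
    for item in personal_info:
        for token in re.split(r"[\s._@-]+", item.lower()):
            if len(token) >= 3 and any(token in f for f in forms):
                failures.append(f"contains personal information: {token}")

    # Plaintext history keeps the example short; a real system would compare
    # the candidate against stored password hashes instead.
    if any(lowered == old.lower() for old in previous):
        failures.append("matches a previously used password")

    words = sorted(w for w in COMMON_WORDS if any(w in f for f in forms))
    if words:
        failures.append("contains complete word: " + ", ".join(words))

    missing = [name for name, pat in CATEGORIES.items() if not re.search(pat, password)]
    if missing:
        failures.append("missing character categories: " + ", ".join(missing))
    return failures
```

A password such as `P@ssw0rd1` satisfies the length and category rules but is still rejected, because the substituted symbols map back to a complete common word.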
The following minimum password standards are used by default for all user/administrator passwords within the OrangeHRM application.
|Setting|Default Value|
|---|---|
|Password Strength Calculation|Medium|
|Minimum Number of Characters|8|
|Password Expire After|90 days|
|Account Lockout Threshold|10 attempts|
|Captcha Threshold|3 attempts|
|Account Unlock Period|1 hour|
Note - Clients who wish to amend any of the above settings need to make a special request through a higher authority.
Password Strength Calculation Logic
The password strength is calculated by considering how much time it would computationally take to identify the password. The following table shows how the strength is defined based on the time it takes to break the password.
Password Strength Color Codes
In the system, when a user changes a password or adds a new password, the following color codes are shown to indicate the strength of the password.
The below image shows the password field when the user types the password.
Other validations related to the password field appear below the strength validation. The help text shown above assists the user in creating strong passwords: "For a Strong Password, Please use a hard to guess the combination of text with upper and lower case characters, symbols and numbers."
The following matrix shows some password examples and their strength levels. Using symbols, numbers, uncommon text and longer text increases the password strength. Using simple common words (even when some letters are replaced by symbols) or names decreases the strength of the password.
The strongest password contains a lengthy text combination of upper and lower case characters with symbols and numerical values.
The stronger password contains a text combination of upper and lower case characters with symbols and numerical values.
The medium password contains a text combination of lengthy common words with symbols and numerical values.
The better password contains a text combination of common words with symbols and numerical values.
The weak password contains a text combination of a common English name with symbols and numerical values.
The very weak password contains a simple common word.