Procedure:
- Log in to the SMS from a client.
- From the top menu, select the Edit -> Preferences option from the Menu Bar. The System Preferences dialog box displays.
- Select Security.
- Select Security Level.
| Security Level | Password Requirement |
Level 0
No Security | • Usernames cannot contain a space or a backslash. • Password length and complexity are not restricted. • Passwords cannot contain a space. |
Level 1
Low Security | • Passwords must meet Level 0 (None) restrictions and the following: - Usernames must be at least six characters. - Passwords must be at least eight characters. - New password must be different from the previous password. |
Level 2
Medium (default) Security | • Passwords must meet Level 1 (Low) restrictions and the following: - Must contain at least two alphabetic characters. - Must contain at least one numeric character. - Must contain at least one non-alphanumeric character (examples include ! ? $ * #). |
Level 3
High Security | • Passwords must meet Level 2 (Medium) restrictions and the following: - Must contain at least 15 characters. - Must contain at least one uppercase character. - Must contain at least one lowercase character. - Must be different from the previous password in at least half of the corresponding character positions. |
- In the Password Preferences area, select any of the following options you want to enable:
- Require password to be different from user ID
- Lock user after failed login attempts, and enter a threshold to set the number of unsuccessful
consecutive attempts. - Require new password to be different from previous passwords, and enter the number of previous
passwords, the SMS will check. - Show previous login details when a user logs in, and enter the number of days as the count period. The SMS displays information for:
- Last successful login, including date, timestamp, and IP address.
- Number of successful logins in the last number of days.
- Last failed login attempt including date, timestamp, and IP address.
- Number of failed login attempts since the last successful login.
- Any group or role changes to the user account since the last login.
- Disable inactive user accounts, and enter the number of days the user account must be inactive
before it is disabled on the SMS. - Require user to re-authenticate, and set a time.
- Enforce a minimum password lifetime. Passwords cannot be changed again until the minimum
time has passed.
- Select Limit number of total and user sessions to determine whether the SMS limits the number of active sessions allowed on the SMS, or for a user, and enter a maximum number.
- In the Client Preferences area, select any of the following options you want to enable:
- Allow storing the username and server used to login to this SMS
- Timeout client session after inactivity, and enter the number of minutes a user can be inactive.
- Auto-reconnect client to the server after a disconnect occurs
- Click OK.
Note: If you update a user's security level, the SMS forces a password change at the next login if the security level restrictions set for the user require it.
Reference: SMS User Guide