7.2 Configuring Password Policies

You configure your password policy to increase your network security by enforcing rules about how users create their passwords. Apply the Self Service Password Reset password policy in one of the following ways:

  • Apply only the Self Service Password Reset policy

  • Apply only the LDAP policy

  • Merge the Self Service Password Reset policy with the LDAP policy

When you merge the Self Service Password Reset policy with the LDAP policy, Self Service Password Reset reads both policies. If both policies conflict with each other, Self Service Password Reset chooses the most restrictive policy.

Self Service Password Reset checks the text that a user sets as their password and rejects it if that text appears in the predefined password dictionary word list. The word list is a ZIP file containing one or more plain text files with one word per line.

Self Service Password Reset allows storing a shared password history for all users, which provides more security. You can also configure a profile-specific password policy, which means setting password policies for different groups of users who are part of different profiles.

To configure a password policy, you must create a profile and configure two different sets of settings in Self Service Password Reset.

7.2.1 Configuring a Profile for a Password Policy

You can configure the password policies for specific groups of users by using the password policy profile. You can create different profiles for different user groups so that the system applies the specified password policy to each user group for each profile. For more information, see Configuring Profiles.

Based on the policy specified for users, Self Service Password Reset generates the text to display in the change password policy. To customize this text, use the Password Rule Text setting, which overwrites the Self Service Password Reset auto-generated text.

Self Service Password Reset allows you to define the requirements for the password. You can specify if the password is required to have numbers, letters, and special characters. You can also define the minimum and the maximum number of uppercase and lowercase letters, along with how many unique characters are required.

You can also define if groups of characters are allowed by using regular expressions. For example, consider the following two character groups:

[a-zA-Z]+
[0-9]+

These regular expressions require that users have a lowercase or uppercase letter or a number in their passwords. For more information about regular expressions, see Regular expression.

To configure a password policy for the default profile:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Policies > Password Policies > default.

  5. Configure the password policy settings by using the help.

  6. In the toolbar, click Save changes.

7.2.2 Configuring Password Settings

After you create the password profile, you must configure the settings for the password policy. The password policy settings allow you to define the source of the password policy, whether to share the password history among all users to discourage similar passwords, and whether the passwords are case sensitive.

To configure a password policy:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Policies > Password Settings.

  5. Configure the password policy settings using the help.

  6. In the toolbar, click Save changes.

7.2.3 Configuring the Word List Settings

To increase the security of the passwords, you must define a word list. A word list is a predefined password dictionary that Self Service Password Reset checks against the text that users set as their passwords. Self Service Password Reset does not allow a password if that text appears in the word list. The word list is a ZIP file containing one or more plain text files with one word per line. Regular expressions are not allowed in the word list file.

To configure the word list:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor > Policies > Password Policies > default.

  4. Ensure that Enable Word List is selected.

  5. Upload the word list in one of the following ways:

  6. Click Save changes in the toolbar.

To verify the size of the word list, click Configuration Manager > Wordlist. The Word Count displays the size of the word list available in the text file.

After you add or remove words from the word list, click Configuration Editor > Wordlist > Clear Wordlist to view the updated word count.

Updating the Word List

You can add more words to the word list that you do not want to allow as passwords. To update the word list, perform one of the following:

Customize the Existing Word List

  1. Download the wordlist.zip file from one of the following paths according to your setup:

    • Appliance: /var/lib/docker/overlay2/c25d96dc05d02d3f3159889fa78d9e2e2fe44393b67a1ca257e14079d84d6d36/merged/root/.sspr-workpath/work-sspr-8443/war/WEB-INF/

    • Linux: /srv/tomcat/webapps/sspr/WEB-INF/

    • Windows: C:\Program Files\NetIQ Self Service Password Reset\apache-tomcat-8\webapps\sspr\WEB-INF

  2. Extract the wordlist.txt file.

  3. Add the words that you do not want to allow as passwords to the text file. Ensure that one word is specified per line.

  4. Save the text file and compress the wordlist folder to the .zip format.

  5. Continue with Uploading the Word List.

Create a Word List

  1. Create the wordlist.txt file.

  2. Add the words that you do not want to allow as passwords to the text file. Ensure that one word is specified per line.

  3. Save the text file within the folder wordlist.

  4. Compress the word list folder to the .zip format.

  5. Continue with Uploading the Word List.
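The Create a Word List steps can be scripted so that the file always has one word per line and no regular expressions. The following is an added example, not part of the product or its documentation. It assumes the archive member path wordlist/wordlist.txt (taken from the folder and file names in the steps), uses a heuristic of its own to spot regex-like lines, and runs on constructed sample words.

```python
import io
import re
import zipfile

# Heuristic (an assumption of this example): patterns that suggest a line was
# written as a regular expression, which the word list file does not allow.
REGEX_HINT = re.compile(r"\[.+\]|\(.+\)|\\[dwsDWS]|\.[*+]|^\^|\$$")

def normalize(lines):
    """Return (words, flagged): unique non-empty words in input order,
    and the regex-like lines that were held back for manual review."""
    words, flagged, seen = [], [], set()
    for raw in lines:
        word = raw.strip()
        if not word or word in seen:
            continue
        seen.add(word)
        if REGEX_HINT.search(word):
            flagged.append(word)
        else:
            words.append(word)
    return words, flagged

def build_wordlist_zip(lines, member="wordlist/wordlist.txt"):
    """Build the ZIP in memory; returns (zip_bytes, words, flagged)."""
    words, flagged = normalize(lines)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, "\n".join(words) + "\n")
    return buf.getvalue(), words, flagged

def count_words(zip_bytes):
    """Count non-empty lines across every file in the ZIP."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                text = zf.read(info).decode("utf-8")
                total += sum(1 for line in text.splitlines() if line.strip())
    return total

# Constructed sample input: words an organisation might want to block.
SAMPLE = ["Password1", "  acme2024 ", "", "acme2024", "summer[0-9]+", "Welcome123"]

if __name__ == "__main__":
    data, words, flagged = build_wordlist_zip(SAMPLE)
    with open("wordlist.zip", "wb") as fh:
        fh.write(data)
    print(f"{count_words(data)} words written; held back as regex-like: {flagged}")
```

After uploading the resulting wordlist.zip, compare the number the script prints with the Word Count shown under Configuration Manager > Wordlist.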

Uploading the Word List

You can upload the updated or new word list in one of the following ways:

Using a Web Server

You can save the wordlist.zip file on any web server and save the file location URL for further reference. Perform the following steps to set the word list file URL in SSPR:

  1. Click Configuration Editor > Settings > Word Lists.

  2. Specify the URL of the text file in Word List File URL.

  3. Click Save changes in the toolbar.

Using the User Interface

To upload the wordlist.zip file through the user interface, perform the following steps:

  1. Click Configuration Manager > Word Lists.

  2. Click Upload Word List.

  3. Click Choose File and select the wordlist.zip from your local drive.

  4. Click Upload.