Synology SA3400 Synology Directory Server Administrator s Guide for DSM 7.1 - Page 45

Chapter 6: Configure Group Policies Password Policy • Maximum password age: Specify the time after which passwords expire. Passwords will never expire if the option is disabled. • Minimum password age: Specify the time frame in which users are not allowed to change their passwords after their last password change. Passwords can be changed at any time if the option is disabled. • Minimum password length: Specify the minimum length of new passwords. • Enforce password history: All new passwords must be different from the ones set previously. Specify the number of records here. • Enable password strength check: Passwords must comply with at least three of the following rules: • Uppercase letters of the Latin (including A - Z with diacritic marks), Greek, and Cyrillic alphabets. • Lowercase letters of the Latin alphabets (including a - z with diacritic marks), Greek, and Cyrillic alphabets. • Numeric characters (0 - 9). • Special characters such as Unicode alphabets, including those in Asian languages. • Exclude common password: Refrain users from setting common passwords, such as "123456", "password", and "qwerty". • Store password using reversible encryption: Enabling this option will compromise domain security. This option is not recommended unless demands of domain client services take higher priority over password security. Account Lockout Policy • Lockout threshold: User accounts will be locked out when the number of failed login attempts exceeds the specified lockout threshold. • Reset lockout counter after: The number of failed login attempts will be re-calculated after the specified time. • Lockout duration: Locked-out user accounts will not be unlocked until the end of the specified lockout duration. 42