Password character restrictions

Enterprise Application Access is flexible when it comes to passwords, but there are limitations on what you can use for password names.

You must create all user and system-level passwords using the following requirements. Passwords must not be predictable or something easily guessed. These passwords must meet the following requirements or they will be rejected by the authorization system:
  • Minimum length of eight characters
  • Cannot be the username, accountID, userID, or loginID
  • Contain at least one character from the following categories:
    • Uppercase characters
    • Lowercase characters
    • Numeric characters
    • Nonalphabetic characters (special characters "~!@#$%^&*_-+=`|\(){}[]:;\"'<>,.?/".)
  • Passwords must be changed every 90 days (once changed, a password may not be reused for at least two years)
  • Passwords must not be shared or given to another user
  • Group passwords are forbidden
  • Passwords must not be stored in clear text
  • Passwords must be changed or the account disabled upon:
    • Password compromise
    • Suspected security breach
    • Password disclosure