KBA-01211: Requiring Strong Passwords

Question:

Can I change the system requirement for password strength?

Answer:

Yes. In ICTool, use the Password tab on the sfPMS page. You must supply a regular expression that passwords are tested against, and a message that tells users what type of password is expected. Many resources are available to help you create a regular expression; for examples, see https://regexr.com/.

Additional Comments:

The internal default used by the system is:

^(?=.*[0-9]+.*)(?=.*[a-zA-Z]+.*)[-0-9a-zA-Z@#!=&/,`~%\$\?\^\*\(\)\+\.]{4,32}$

Where

  • (?=.*[0-9]+.*) Tests for at least one digit anywhere in the string
  • (?=.*[a-zA-Z]+.*) Tests for at least one letter anywhere in the string
  • [-0-9a-zA-Z@#!=&/,`~%\$\?\^\*\(\)\+\.] Tests for the valid characters. Valid characters are -0-9a-zA-Z@#!=/,`~$?^*()+.; note that the percent sign (%) and square brackets ([]) are excluded.
  • {4,32} Establishes the minimum and maximum lengths
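
Before saving a new expression on the Password tab, it helps to run it against candidate passwords offline. The following Python sketch is an added example, not part of ICTool or sfPMS: it splits the default into the four tests listed above so each rejection can be explained, and checks that the split agrees with the pattern exactly as printed in this article (whose character class contains % and & and no square brackets). The function names, the min_len/max_len parameters and the sample passwords are assumptions made for illustration.

```python
import re

# Default pattern exactly as printed in this article.
DEFAULT = r"^(?=.*[0-9]+.*)(?=.*[a-zA-Z]+.*)[-0-9a-zA-Z@#!=&/,`~%\$\?\^\*\(\)\+\.]{4,32}$"

# The character class from the default, used to test one character at a time.
ALLOWED = r"[-0-9a-zA-Z@#!=&/,`~%\$\?\^\*\(\)\+\.]"


def failures(password, min_len=4, max_len=32):
    """Return the rules a candidate breaks; an empty list means accepted.

    min_len and max_len are hypothetical knobs for trying a stricter
    length before editing the {4,32} part of the expression.
    """
    problems = []
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[a-zA-Z]", password):
        problems.append("no letter")
    bad = sorted({ch for ch in password if not re.fullmatch(ALLOWED, ch)})
    if bad:
        problems.append("invalid characters: " + "".join(bad))
    if not min_len <= len(password) <= max_len:
        problems.append("length outside %d-%d" % (min_len, max_len))
    return problems


def accepted_by_default(password):
    """True when the whole string matches the default pattern."""
    return re.fullmatch(DEFAULT, password) is not None


# Constructed sample passwords, one per rule plus two accepted cases.
SAMPLES = ["abc1", "abcd", "1234", "ab1", "pass word1",
           "abc1[x]", "abc1%&", "a1" * 17, ""]

if __name__ == "__main__":
    for candidate in SAMPLES:
        verdict = failures(candidate)
        # The split-out rules must agree with the single expression.
        assert (verdict == []) == accepted_by_default(candidate)
        print(repr(candidate), "->", verdict or "accepted")
```

Calling failures(candidate, min_len=12) shows which of the same samples would be rejected if the {4,32} quantifier were tightened to {12,32}.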

KBA-01211; Last updated: November 8, 2017 at 10:04 am;
Keywords:  minimum, password strength