KBA-01211: Requiring Strong Passwords

Question:

Can I change the system requirement for password strength? Can I set the minimum length of a password?

Answer:

Yes. In ICTool, go to the sfPMS | Authentication | PW Strength tab.

  • Supply a regular expression in the User Password Regex field. This expression includes the minimum and maximum length requirements for the password (4 and 32 in the example below). Many resources are available to help you create a regular expression; for example, see http://regex101.com.
  • Type in passwords to test your requirements in the Password Test field.
  • Type a message to inform users what type of password is expected in the Requirement Tip field.

Additional Comments:

The internal default used by the system is:

^(?=.*[0-9]+.*)(?=.*[a-zA-Z]+.*)[-0-9a-zA-Z@#!=/,`~\$\?\^\*\(\)\+\.]{4,32}$

Where

  • (?=.*[0-9]+.*) Tests for at least one digit anywhere in the string
  • (?=.*[a-zA-Z]+.*) Tests for at least one letter anywhere in the string
  • [-0-9a-zA-Z@#!=/,`~\$\?\^\*\(\)\+\.] Tests for the valid characters.
    • Valid characters are digits (0-9), letters (a-z, A-Z), and the symbols - @ # ! = / , ` ~ $ ? ^ * ( ) + and the period (.)
    • Note that the following characters are excluded:
      • less-than sign (<)
      • percent sign (%)
      • ampersand (&)
      • square brackets ([])
  • {4,32} Establishes the minimum and maximum lengths
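
The breakdown above, as an added Python example (not part of the original article and not ICTool code): it checks candidates against the default expression, reports which part rejects them, and shows the same rule with a higher minimum length. It assumes Python's re module treats these constructs the same way as the engine ICTool uses; the helper names, the sample passwords and the minimum of 12 are constructed for illustration.

```python
import re

# Internal default quoted in this article.
DEFAULT = r"^(?=.*[0-9]+.*)(?=.*[a-zA-Z]+.*)[-0-9a-zA-Z@#!=/,`~\$\?\^\*\(\)\+\.]{4,32}$"
# The valid-character class on its own, so a rejection can be explained.
ALLOWED = r"[-0-9a-zA-Z@#!=/,`~\$\?\^\*\(\)\+\.]"

def build_regex(min_len=4, max_len=32):
    """Default expression with different length bounds (hypothetical helper)."""
    return r"^(?=.*[0-9]+.*)(?=.*[a-zA-Z]+.*)" + ALLOWED + "{%d,%d}$" % (min_len, max_len)

def check(password, min_len=4, max_len=32):
    """True when the whole candidate matches the expression."""
    return re.fullmatch(build_regex(min_len, max_len), password) is not None

def explain(password, min_len=4, max_len=32):
    """Reasons a candidate is rejected; an empty list means it is accepted."""
    reasons = []
    if not re.search(r"[0-9]", password):
        reasons.append("no digit")
    if not re.search(r"[a-zA-Z]", password):
        reasons.append("no letter")
    bad = sorted(set(re.sub(ALLOWED, "", password)))
    if bad:
        reasons.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    if not min_len <= len(password) <= max_len:
        reasons.append("length %d outside %d-%d" % (len(password), min_len, max_len))
    return reasons

if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for pw in ["abc1", "abcd", "1234", "ab1", "Passw0rd%", "a1<b", "Tr1cky[pw]"]:
        print("%-12s %-6s %s" % (pw, check(pw), "; ".join(explain(pw)) or "ok"))
    # Same rule with the minimum raised to 12 (constructed value).
    for pw in ["abc1", "correct-horse-9"]:
        print("%-16s %-6s %s" % (pw, check(pw, 12), "; ".join(explain(pw, 12)) or "ok"))
```

With the default bounds the four-character candidate abc1 is accepted; changing {4,32} in the User Password Regex field is what raises that floor.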

KBA-01211; Last updated: July 26, 2023 at 11:34 am;
Keywords:  minimum, password strength