Question:
Can I change the system requirement for password strength?
Answer:
Yes. In ICTool, use the Password tab on the sfPMS page. You must supply a regular expression to perform your test, and a message to inform users what type of password is expected. Many resources are available to help you create a regular expression, for examples, see https://regexr.com/.
Additional Comments:
The internal default used by the system is:
^(?=.*[0-9]+.*)(?=.*[a-zA-Z]+.*)[-0-9a-zA-Z@#!=&/,`~%\$\?\^\*\(\)\+\.]{4,32}$
Where
-
(?=.*[0-9]+.*) — Tests for at least one digit anywhere in the string
-
(?=.*[a-zA-Z]+.*) — Tests for at least one character anywhere in the string
-
[-0-9a-zA-Z@#!=&/,`~%\$\?\^\*\(\)\+\.] — Tests for the valid characters. Valid characters are -0-9a-zA-Z@#!=/,`~$?^*()+.; note that the percent sign (%) and square brackets ([]) are excluded.
-
{4,32} — Establishes the minimum and maximum lengths
KBA-01211; Last updated: November 8, 2017 at 10:04 am;
Keywords: minimum, password strength