Limitations on Passwords

You can set up characters that can be used for passwords and password expiration.
It is recommended to establish a password policy so that users will not choose weak passwords during password configuration.

Steps:
  1. Click the administration menu icon (gear icon) in the header.

  2. Click "System settings".

  3. Select "Basic system administration" tab.

  4. Click Users.

  5. Click "Password Limit".

  6. On the "Password limit" screen, set the required items.

    Screen to set limitations on passwords

    Limitations on Passwords

    Set the following items:

    Item Description
    Changing passwords in personal settings Specify whether to allow users to change their passwords.
    Log in with an empty password Select whether to allow logins without entering passwords.
    Password length Specify the minimum number of characters for the password.
    The maximum number is 64.
    Password expiration Set one of the followings.
    • Unlimited:
      The same password can be used indefinitely.
    • 1 to 999 days:
      Specify the value using an integer. If you specify a validity period, the password must be changed after that period ends.
    Expiration notifications You can choose not to notify users of the expiration date, or you can set the date to notify by specifying the number of days before the expiration date.
    Set one of the followings.
    • Do not notify
    • Notify 1 to 999 days before:
      Specify the value using an integer.
    Limitations on available characters Set limitations on available characters so that users can set passwords that are hard to guess for malicious third parties.
    The following items can be set.
    • Include single-byte characters
      • Mix upper case and lower case in single-byte characters
        This item is displayed when "Include single-byte characters" is selected.
    • Include Arabic numerals
    • Include special characters
      The following special characters can be used.
      ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
    • Do not include login names/names

  7. Confirm your settings and click Save.

What Happens When the Expiration Date Has Come

If you set a password expiration date, when the validity period expires, a message prompting the password change appears in the login screen. Click "Change" to change your password.

  • Example screen Image showing the expired password
What Happens When the Expiration Date Approaches

If you set an expiration notification, when the expiration date approaches, a message prompting the password change appears in the screen.
Click "Change" to change your password.
To change the password at a later date, click "Change later".

  • Example screen Image showing the notification of the password expiration date
Limitations on the Password String

The following keywords are available for HTML portlets and PHP portlets.

  • %Password%
  • %Name%
  • %Account%
  • %Mail%
  • %session_password%
  • %Tel%
  • %URL%

The use of the following half-width symbols among all special characters available to use for the password may cause errors in HTML portlets and PHP portlets.

  • Single quotation mark (')
  • Double quotation mark (")
  • Dollar sign ($)
  • Yen sign, backslash ()
  • Less than sign (<)
  • Greater than sign (>)
  • Pipe (|)