Enforcing Complex Passwords for Administrator Accounts

The HS-PCI module allows you enforce the use of complex passwords for administrator accounts. If you do not activate the HS-PCI module, this feature is disabled after the 30-day trial period expires.

When you create or edit administrator accounts, you can specify that all administrator accounts be required to adhere to certain password complexity rules.

To set complexity settings for administrator accounts

1. Refer to Adding EFT Server Administrators or Changing an Administrator Password or Access Rights for the procedures for creating or changing an administrator account.

2. In the Password Security area, select the Enforce strong (complex) passwords to ensure that when any administrator creates or changes a password for any administrator account, password complexity is enforced.

3. To specify password complexity settings, click Advanced. The Password Complexity Settings dialog box appears.
   
   

4. In the Minimum password length box, type or click the arrows to specify the minimum number of characters the password must contain. The default is 8 characters.

5. In the Must contain at least box, specify the number of characters from the following categories the password must contain: Uppercase, Lowercase, Numeric (0-9), Non-alphanumeric (e.g., !, #, $, %). Select the check boxes for the applicable characters.

6. In the Must not contain boxes, select the check boxes and type or click the arrows to specify the number of characters from the user name and/or number of repeating characters the password must not contain.

7. In the Dictionary area, select the Must not solely consist of a word in the following dictionary, then specify the dictionary file. A default dictionary file is provided in the EFT Server installation directory.

8. Select the Must not be dictionary word backwards to ensure the password is not a word in the dictionary file spelled backward.

9. Click OK.