Configuring password policies

Note: This section applies to the Cleo Harmony and Cleo VLTrader applications only.

You can define a Password Policy that enforces password security requirements for any or all Local User mailboxes. To enforce a global password policy, go to System Options > Other tab in the native UI or Administration > System > Other in the web UI, and then select the Enforce Password Policy check box in the Property/Value list. This allows you to enable, disable, or override password policies for a particular local user host (FTP, HTTP, and SSH FTP) or Users host so that all underlying mailboxes operate with separate security restrictions.

To configure the password policy, after selecting the Enforce Password Policy check box, click Configure to display the Password Policy dialog box. Set values as required and click OK.

The default Password Policy settings are:

  • Minimum Password Length enforces the minimum number of characters a password must contain. (The length can range from 1-16 characters.)
  • Password Cannot Contain User Name enforces that the user name (that is, the mailbox alias) cannot be part of the password specified in upper, lower, or mixed case.
  • Require Mixed Case enforces the minimum number of upper and lowercase characters that a password must contain. 
  • Require Numeric Characters enforces the minimum number of numeric characters a password must contain (digits 0-9).
  • Require Special Characters enforces the minimum number of special characters a password must contain (for example @$%^&*!).
  • Prevent Password Repetition requires that a different password be used until the Number of Passwords Before Repeats Allowed value has been exceeded.
  • When the Enable Password Expiration setting is selected, user passwords will expire after the specified number of days. The commonly used number of days is included in the drop-down list; however, a valid custom value can be entered instead.
  • When the Require password reset before first use setting is selected, the user is required to update their password before being able to fully log in if a new mailbox is created under the host or the user's password is changed from the administrator console. There are provisions through FTP, interactive SFTP, and Portal to allow the password to be updated. This setting only applies to native users.
  • If Lock out user is enabled, a user who fails to enter the correct password the specified number of times (failed logon attempts) within the specified number of seconds is locked out of the mailbox for the specified number of minutes. If the minutes are not specified (that is, the field is left blank), the user is locked out until the user’s mailbox is unlocked manually by the Cleo VLTrader or Cleo Harmony user. Refer to the specific local user mailbox (FTP, HTTP, and SSH FTP) for further information.
Note: All configured security settings except Enable Password Expiration and Lock out user are enforced at the time the user changes their password.
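
The Lock out user behavior described above can be modeled as follows. This is an added example, not Cleo code: the class and function names are hypothetical, the timestamps are constructed, and the sliding-window counting of failures is an assumption about how the seconds value is applied.

```python
import math
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class LockoutPolicy:
    failed_attempts: int             # failures that trigger a lockout
    window_seconds: int              # period in which those failures must occur
    lockout_minutes: Optional[int]   # None models the minutes field left blank


@dataclass
class MailboxLockout:
    policy: LockoutPolicy
    failures: deque = field(default_factory=deque)
    locked_until: float = 0.0        # epoch seconds; math.inf = manual unlock only

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def record_failure(self, now: float) -> bool:
        """Register one failed logon; return True if the mailbox is now locked."""
        if self.is_locked(now):
            return True
        self.failures.append(now)
        # Assumption: sliding window, so failures older than the window are dropped.
        while self.failures and now - self.failures[0] > self.policy.window_seconds:
            self.failures.popleft()
        if len(self.failures) >= self.policy.failed_attempts:
            minutes = self.policy.lockout_minutes
            self.locked_until = math.inf if minutes is None else now + minutes * 60
            self.failures.clear()
        return self.is_locked(now)

    def unlock(self) -> None:
        """Manual unlock by an administrator."""
        self.locked_until = 0.0
        self.failures.clear()


def replay(policy: LockoutPolicy, failure_times, check_at: float) -> bool:
    """Feed constructed failure timestamps, then report lock state at check_at."""
    box = MailboxLockout(policy)
    for t in failure_times:
        box.record_failure(t)
    return box.is_locked(check_at)
```

With the minutes value left blank (`lockout_minutes=None`), the lock never ages out, so detection and help-desk procedures need an explicit unlock step for those mailboxes.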