Set Up Password Policy for Local User Authentication

Applies to Product: USM Appliance™ AlienVault OSSIM®

If you use local authentication in USM Appliance, AlienVault encourages you to set up the password policy according to your company's security standard. All web user passwords are hashed with the SHA-256 algorithm and a salt, and then stored in the database. You can also configure the account lockout period when setting up the policy.

Note: AlienVault stores the USM Appliance root user password directly on the system, after applying SHA-512 with a salt. By default, only the root user account can access the USM Appliance CLI. You cannot configure a lockout period for the root user.

If you need to configure USM Appliance to use LDAP authentication, see Configure LDAP in USM Appliance.

For assistance with creating new users in USM Appliance, see Create New Accounts for Local Users.

To configure password policy for USM Appliance

  1. In the USM Appliance web interface, go to Configuration > Administration > Main and expand the Password Policy section.

USM Password Policy page.

  2. Type the values for password authentication that are required by your company or organization, as illustrated by the Password Policy Configurations table.
  3. Click Update Configuration.

    Password Policy Configurations

    | Parameter | Description | Default Setting |
    |---|---|---|
    | Minimum password length | Minimum number of characters for a password. | 7 |
    | Maximum password length | Maximum number of characters for a password. | 32 |
    | Password history | Specifies how many previously used passwords are acceptable to USM Appliance. | Disabled |
    | Complexity | Specifies that passwords must contain 3 of the following: lowercase characters, uppercase characters, numbers, or special characters. | Disabled |
    | Minimum password lifetime, in minutes | Specifies the minimum amount of time that must pass before a user can change a password again. This option prevents users from changing a new password to the previously expired one. | 0 (disabled) |
    | Maximum password lifetime in days | Specifies the number of days before USM Appliance prompts users to change their current password. | 0 (disabled) |
    | Failed logon attempts | Number of failed logon attempts before USM Appliance locks an account. | 5 |
    | Account lockout duration | Amount of time user accounts remain locked. | 5 (0 disables lockout) |
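
The length, complexity and history checks from the Password Policy Configurations table, written out as an added Python example (not AlienVault code) that can pre-check a candidate password or compare the defaults with a stricter company standard. It assumes that "special characters" means ASCII punctuation, that password history counts the most recent passwords a user may not reuse, and that the salt is prepended before SHA-256; the page specifies none of these details.

```python
import hashlib
import hmac
import string
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    # Defaults taken from the Password Policy Configurations table.
    min_length: int = 7
    max_length: int = 32
    history: int = 0          # 0 = disabled
    complexity: bool = False  # disabled by default


def salted_hash(password: str, salt: bytes) -> bytes:
    # Assumption: salt || password. The appliance's real storage layout
    # is not described on the page.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def char_classes(password: str) -> int:
    """Count how many of the four character classes the password uses."""
    tests = (
        str.islower,
        str.isupper,
        str.isdigit,
        lambda c: c in string.punctuation,  # assumption: "special" = ASCII punctuation
    )
    return sum(any(t(c) for c in password) for t in tests)


def violations(policy: PasswordPolicy, candidate: str, previous=()) -> list:
    """Return every rule the candidate breaks.

    previous: (salt, digest) pairs for earlier passwords, newest first.
    """
    found = []
    if len(candidate) < policy.min_length:
        found.append("too short")
    if len(candidate) > policy.max_length:
        found.append("too long")
    if policy.complexity and char_classes(candidate) < 3:
        found.append("needs 3 of 4 character classes")
    # Only the newest `history` entries are remembered (assumed semantics).
    for salt, digest in list(previous)[: policy.history]:
        if hmac.compare_digest(salted_hash(candidate, salt), digest):
            found.append("reuses a remembered password")
            break
    return found
```

With the default policy, a seven-character all-lowercase password passes every check, which is the gap a stricter company standard usually closes by enabling complexity and history.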