Commit 28879a34 authored by wyang's avatar wyang Committed by Zhengji Zhao

Update pw policy

parent 3baaded4
...@@ -92,14 +92,16 @@ further justifies a change in password policy. ...@@ -92,14 +92,16 @@ further justifies a change in password policy.
When users are selecting their own passwords for use at NERSC, the When users are selecting their own passwords for use at NERSC, the
following requirements must be used. following requirements must be used.
* The password change interface will include a strength meter, * The password must register as either 'safe' or 'very safe' on
and the strength level for a new password must be either 'safe' a password strength meter that is provided.
or 'very safe.' * If MFA is not enabled for your account the minimum password
* The minimum length is 8 characters if MFA is enabled for your length is 14 characters. The enforced minimum length for accounts
account. Otherwise, it should be at least 14 characters. with MFA enabled is 8 characters, but in practice it may be
difficult to select a password that registers as 'safe' on the
meter with this short password.
* There is no character complexity rule regarding inclusion of * There is no character complexity rule regarding inclusion of
uppercase/lowercase letters, digits and special characters. uppercase/lowercase letters, digits and special characters.
* Passwords will have to be changed in every six months. * Passwords will have to be changed every six months.
## Login Failures ## Login Failures
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment