A password policy determines, which rules must be met by new passwords either changed by users or generated by CzechIdM itself. CzechIdM implements really strong password policies mechanism that allows to define quite a complex rules. Admins can define policies that meet standard MS AD password policies including

• Password history
• Special characters definitions
• Meeting X of Y rules (3 of 4 character groups)
• Password expiration check
• Disallowing user attribute in password

and many others.

Block log in after X unsuccessful login attempts

• Password policies overview

• Password policies implementation