Password Policy
Choose one of these password policy templates, depending on your security requirements:
• Strong—Sets the password policy to more stringent enforcement settings. Selecting this template automatically prepopulates the password policy with the stricter settings commonly required by higher security standards, such as those of the Department of Defense.
• Basic—Reverts the password policy to its predefined settings so you can customize your policy.
For details about password policy, see the SteelHead User Guide for SteelHead.
Under Password Management, these configuration options are available:
Login Attempts Before Lockout specifies the maximum number of unsuccessful login attempts before temporarily blocking user access to the appliance. The user is prevented from further login attempts when the number is exceeded. The lockout expires after the amount of time specified in Timeout for User Login After Lockout elapses.
Timeout for User Login After Lockout specifies the amount of time, in seconds, that must elapse before a user can attempt to log in after an account lockout due to unsuccessful login attempts. The default for the strong security template is 300.
Days Before Password Expires specifies the number of days the current password remains in effect. The default for the strong security template is 60. To set the password expiration to 24 hours, specify 0. To set the password expiration to 48 hours, specify 1. Leave blank to turn off password expiration.
Days to Warn User of an Expiring Password specifies the number of days the user is warned before the password expires. The default for the strong security template is 7.
Days to Keep Account Active After Password Expire specifies the number of days the account remains active after the password expires. The default for the strong security template is 305. When the time elapses, RiOS locks the account permanently, preventing any further logins.
Minimum Interval for Password Reuse specifies the number of password changes allowed before a password can be reused. The default for the strong security template is 0.
Under Password Characteristics, these configuration options are available:
Minimum Password Length specifies the minimum password length. The default for the strong security template is 14 alphanumeric characters.
Minimum Uppercase Characters specifies the minimum number of uppercase characters required in a password. The default for the strong security template is 1.
Minimum Lowercase Characters specifies the minimum number of lowercase characters required in a password. The default for the strong security template is 1.
Minimum Numerical Characters specifies the minimum number of numerical characters required in a password. The default for the strong security template is 1.
Minimum Special Characters specifies the minimum number of special characters required in a password. The default for the strong security template is 1.
Minimum Character Differences Between Passwords specifies the minimum number of characters that must be changed between the old and new password. The default for the strong security template is 4.
Maximum Consecutively Repeating Characters specifies the maximum number of consecutively repeating characters allowed in a password. The default value is 3.
Prevent Dictionary Words prevents the use of any word that’s found in a dictionary as a password. By default, this control is enabled.
Enable Session Management allows you to limit the number of logins when you specify a Global Maximum login limit. The default value is -1, which allows unlimited logins.
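The following added example (not Riverbed code) checks a candidate password against the Password Characteristics defaults listed above and reports which settings it fails, which is useful for pre-validating passwords in provisioning scripts. Assumptions: character classes are ASCII, "special" means Python's `string.punctuation`, a character difference is counted per position, and the dictionary-word check is not covered; all class and function names are hypothetical.

```python
import string
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Characteristics:
    """Password Characteristics defaults as listed on this page."""
    min_length: int = 14
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    min_special: int = 1
    min_diff: int = 4
    max_repeat: int = 3

def longest_run(pw: str) -> int:
    """Length of the longest run of one character repeated consecutively."""
    best = run = 0
    prev = None
    for ch in pw:
        run = run + 1 if ch == prev else 1
        best, prev = max(best, run), ch
    return best

def differences(old: str, new: str) -> int:
    """Assumption: count positions where old and new disagree, plus any
    difference in length. The appliance may count changes differently."""
    return max(len(old), len(new)) - sum(a == b for a, b in zip(old, new))

def violations(new: str, old: Optional[str] = None,
               p: Characteristics = Characteristics()) -> List[str]:
    """Return the names of the settings that the new password fails."""
    def count(chars: str) -> int:  # assumption: ASCII character classes
        return sum(c in chars for c in new)
    checks = [
        ("Minimum Password Length", len(new) >= p.min_length),
        ("Minimum Uppercase Characters", count(string.ascii_uppercase) >= p.min_upper),
        ("Minimum Lowercase Characters", count(string.ascii_lowercase) >= p.min_lower),
        ("Minimum Numerical Characters", count(string.digits) >= p.min_digits),
        ("Minimum Special Characters", count(string.punctuation) >= p.min_special),
        ("Maximum Consecutively Repeating Characters", longest_run(new) <= p.max_repeat),
    ]
    if old is not None:  # only checked on a password change
        checks.append(("Minimum Character Differences Between Passwords",
                       differences(old, new) >= p.min_diff))
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("Tr4ffic-Optimiz3r!", "Short1A!", "Baaaad-passw0rd!!"):
        print(pw, violations(pw))
```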