Password guidelines force users to choose a combination of characters and numbers that make it more difficult for people to guess another user's password.
The Enforce Policy and Restrictions setting in the User Password Management Configuration form determines whether password guidelines are used for BMC Remedy ITSM Suite. These guidelines can be further customized from the defaultHealth Insurance Portability and Accountability Act (HIPAA) guidelines by the BMC Remedy AR System administrator.
For example, after passwords have been reset, users might be forced to change their passwords the next time they log on. Check with your BMC Remedy AR System administrator for information about your site's password guidelines. For more information about configuring BMC Remedy AR System password guidelines, see Enforcing a password policy introduction.
The default password guidelines, which follow the HIPAA guidelines, are as follows:
- Blank passwords are not allowed.
- The password cannot match the login name.
- The old password cannot be used when changing the password.
- The password cannot be a dictionary word, which is achieved by the following rules:
- Must be a minimum of eight alphanumeric characters
- Must include at least one uppercase alphabetic character.
- Must include at least one lowercase alphabetic character.
- Must include at least one non-alphanumeric (special) character (for example, #, !, +, %).
Other default restrictions include:
- The administrator or an individual with Security permission must be able to change the password at any time.
- Users (except for the administrator and the password's user) cannot change the password. This is accomplished through the Dynamic Group Access field (ID 60988) on the User form.
- The account is disabled if the user has not changed the password after the number of days specified in the Days after force change until disablement" field in the BMC Remedy AR System User Password Management Configuration form.