Skip to main content
Druva Documentation

Create a Password Policy

Overview

Passwords are a critical aspect of securing your accounts from unauthorized access and essentially serves as the first line of defense in protecting a data breach. It is imperative that administrators must protect their accounts with strong passwords that are difficult to guess for an attacker with malicious intent.

Configuring a password policy for your organization encourages the use of strong passwords and ensures that the administrators get the added security for their Druva accounts.  

A password policy is a set of rules that allows you to govern the password creation and control the password lifecycle. The following criteria help you configure a password policy that best suits your organization: 

  • Password length and complexity:
    Enforces minimum password length, which includes mandatory usage of alphanumeric characters including special characters, that help you build a strong password.
  • Password history:
    Prohibits the usage of old passwords when it is time to set a new password.
  • Invalid login attempts:
    Provides additional security by temporarily blocking the administrator's account for a period of 30 minutes and prevents unauthorized access in the event of repeated invalid/failed login attempts.
  • Password expiry:
    Keeps the password healthy by enforcing a regular cycle of changing passwords as per the predefined intervals.

Only a Druva Cloud administrator can configure a Password Policy.

Enable Password Policy for Administrators

To enable password policy for administrators, perform the following steps:

  1. Click the Druva logo logo.png to access the Global Navigation Panel > Druva Cloud Settings > Access Settings. The Access Settings window appears. 

    NewGBar.png

  2. In the Password Policy section, click Edit. The Edit Password Policy window appears. 

    ConfigurePasswordPolicy1.png

    Provide the appropriate information for each field.
    Field Action

    Enable Password Policy

    If you want to enable the password policy for the administrators, select this checkbox. Additional fields appear.

     This field is grayed out and enabled by default for inSync GovCloud customers.

    Enforce Strong Password

    If you want to enforce a strong password policy, select this checkbox.

    A strong password consists of at least:

    • 12 characters
    • One upper case and one lower case letter
    • One number
    • One special character

    A strong password is hard to guess for people with malicious intent and secures the login experience.

     This field is grayed out and enabled by default for inSync GovCloud customers.

    Cannot Reset Password To Last

    Type the number of previous passwords that the administrator cannot use.

    For example, if you enter 3, then the administrators cannot set their new password to the current password and the previous two passwords.

    Note: If you disable the password policy at a later stage, the previous passwords history is erased permanently.

    Max Invalid Login Attempts

    Type the maximum number of login attempts.

    An administrator's account is locked after the number of invalid login attempts exceeds the number you specify here. 

    Password Expires Every Type the number of days after which the administrator must reset the password.

    Enter a value between 0 and 99 days.
  3. Click Save.
  • Was this article helpful?