{assign var="title" value="Password strength requirements"}
{include file="header.tpl"}

<h1>Password security policy</h1>

<p>Passwords are often considered <a href="http://www.zdnet.com/blog/service-oriented/passwords-are-the-weakest-link-in-enterprise-it-security-study/8682">one
	of the weakest links</a> in information security. For the safety of the entire organization, this appliance employs password security policies designed to
	minimize the risk of a successful attack against any account on the system.</p>

<p>These requirements are summarized as follows:</p>

<ul>
	<li>Passwords must be a minimum of 8 characters in length.</li>
	<li>
		For passwords which are 16 characters in length or less:
		<ul>
			<li>The password contain at least one letter (A-Z, a-z)</li>
			<li>The password contain at least digit (0-9)</li>
			<li>The password contain at least symbol</li>
		</ul>
	</li>
	<li>
		For passwords which are 17 characters in length or greater:
		<ul>
			<li>Any combination of letters, numbers, and/or symbols is permitted.</li>
		</ul>
	</li>
</ul>

<p>We recognize that generating secure passwords which meet stringent security requirements can be a difficult exercise. Thus, we allow longer passwords to not contain
	symbols, enabling the use of passwords which follow the
	<a href="http://xkcd.com/936">XKCD 936</a> pattern. A tool to generate "XKCD 936 compliant" passwords can be found 
	<a href="https://correcthorsebatterystaple.heroku.com/">here</a>.</p>

{include file="footer.tpl"}