packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/templates/pw-strength.tpl
{assign var="title" value="Password strength requirements"}
{include file="header.tpl"}
<h1>Password security policy</h1>
<p>Passwords are often considered <a href="http://www.zdnet.com/blog/service-oriented/passwords-are-the-weakest-link-in-enterprise-it-security-study/8682">one
of the weakest links</a> in information security. For the safety of the entire organization, this appliance employs password security policies designed to
minimize the risk of a successful attack against any account on the system.</p>
<p>These requirements are summarized as follows:</p>
<ul>
<li>Passwords must be a minimum of 8 characters in length.</li>
<li>
For passwords which are 16 characters in length or less:
<ul>
<li>The password contain at least one letter (A-Z, a-z)</li>
<li>The password contain at least digit (0-9)</li>
<li>The password contain at least symbol</li>
</ul>
</li>
<li>
For passwords which are 17 characters in length or greater:
<ul>
<li>Any combination of letters, numbers, and/or symbols is permitted.</li>
</ul>
</li>
</ul>
<p>We recognize that generating secure passwords which meet stringent security requirements can be a difficult exercise. Thus, we allow longer passwords to not contain
symbols, enabling the use of passwords which follow the
<a href="http://xkcd.com/936">XKCD 936</a> pattern. A tool to generate "XKCD 936 compliant" passwords can be found
<a href="https://correcthorsebatterystaple.heroku.com/">here</a>.</p>
{include file="footer.tpl"}