.. _password_strength_rules:

Password Strength Rules
-----------------------

.. index:: user;user password

The platform user and any users created are held to strong password
rules to help reduce the risk of system penetration. These rules are
enforced whenever passwords are changed or set. In order to meet system
password strength rules a user's password must:

*  By default be at least 8 characters long. This can be modified
   with the **user password length <min_length>** command.
   See :ref:`user_security_and_security_policy_management`.
*  Contain at least one capital and one non-capital letter.
*  Contain at least one number.
*  Contain at least one special character.
*  A password change should differ by at least 8 characters 
   from the old password. In other words, if an old password
   was 8 characters, then *all* new password characters should differ.