Password¶
This section allows you to define password requirements for the local user accounts.
Bemerkung
Zammad does not allow you to change your LDAP password, instead, it will set a password in its local database which might confuse your users. This will be addressed in the future by #1169 and #2389.
Warnung
💪 Exception for strong passwords 💪
Please note that below password policies do not affect administrators setting passwords on user accounts. While this seems strange and not safe we believe that an administrator knowing an user’s password is insecure as well.
The suggested workflow is either:
- to use third party logins to not require local passwords at all - or -
- to require your user to reset the password upon first login.
This way administrators are not required to set a user’s password at all!
Maximum failed logins¶
You can choose a value between 4 and 20. This defines how often a login
to a user account may fail until Zammad will lock it. Please note that via UI
the only way to unlock a user account is to change the password (either as admin
or via password reset function (if enabled)).
The default value is 10.
2 lower and 2 upper characters¶
You can add complexity to passwords by enforcing at least 2 upper and lower case characters.
The default value is no.
Minimum length¶
This defines the minimum password length required for users to provide
(from 4 to 20).
The default value is 6.
Digit required¶
This enforces your users to use at least one digit within the password.
The default value is yes.