PasswordPolicy
Defines the rules and requirements for user passwords. A PasswordPolicy lets an organization enforce its standards by setting minimum complexity requirements, expiration rules and usage restrictions, and different policies can apply to different user groups: administrators might be held to a stricter policy than regular users. A policy checks for common weaknesses such as dictionary words, sequential or repeated characters, and passwords that contain the username or other account details. It can enforce periodic password changes, prevent reuse of recent passwords, and require specific character classes (uppercase, lowercase, digits, symbols). It also defines the account lockout rules that apply after repeated failed logins, and it can screen candidate passwords against external breach databases so that known-compromised passwords are rejected. Policies of this kind are needed to meet compliance frameworks such as PCI DSS, HIPAA or SOC 2, which often mandate specific password controls. Note that current guidance in NIST SP 800-63B favours length, breach-list screening and rate limiting over composition rules and scheduled expiration: it calls for a minimum length of at least 8 characters and a maximum of at least 64, no mandatory character-class mix, and no periodic rotation unless there is evidence of compromise. Stricter settings such as the 30-day rotation in Example 1 are therefore an organizational choice rather than a regulatory baseline.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| name | string | stored | Unique name identifying this password policy | Required |
| description | string | stored | Explanation of when and why this policy is used | Optional |
| minLength | integer | stored | Minimum number of characters required | Optional |
| maxLength | integer | stored | Maximum number of characters allowed | Optional |
| requireUppercase | boolean | stored | Must include at least one uppercase letter (A-Z) | Optional |
| requireLowercase | boolean | stored | Must include at least one lowercase letter (a-z) | Optional |
| requireNumbers | boolean | stored | Must include at least one numeric digit (0-9) | Optional |
| requireSpecialChars | boolean | stored | Must include at least one special character drawn from specialCharsSet (e.g. !@#$%^&*) | Optional |
| specialCharsSet | string | stored | Allow-list of special characters accepted in passwords; non-alphanumeric characters outside it are rejected. Excluding printable characters (space included) shrinks the usable keyspace, so keep the list broad | Optional |
| minUniqueChars | integer | stored | Minimum number of distinct characters required | Optional |
| prohibitCommonPasswords | boolean | stored | Check against list of commonly used weak passwords | Optional |
| prohibitUserInfo | boolean | stored | Password cannot contain username, email, or name | Optional |
| prohibitRepeatingChars | integer | stored | Maximum number of consecutive identical characters allowed | Optional |
| prohibitSequentialChars | boolean | stored | Prevent sequential characters like 'abc' or '123' | Optional |
| expirationDays | integer | stored | Days until the password expires (0 for no expiration). NIST SP 800-63B no longer recommends scheduled expiration; prefer forcing a change on evidence of compromise | Optional |
| expirationWarningDays | integer | stored | Days before expiration at which the user starts to be warned | Optional |
| passwordHistoryCount | integer | stored | Number of previous passwords that cannot be reused; enforced by comparing the candidate against the stored hashes of earlier passwords | Optional |
| minPasswordAge | integer | stored | Minimum days before the password can be changed again (0 for no minimum); stops a user cycling through the history list to get back to an old password | Optional |
| maxLoginAttempts | integer | stored | Failed login attempts before the account is locked | Optional |
| lockoutDuration | integer | stored | Minutes the account remains locked after maxLoginAttempts is reached. A hard lockout lets anyone who knows a username lock that user out, so pair it with per-source rate limiting rather than relying on it alone | Optional |
| requireMfaOnReset | boolean | stored | Require two-factor authentication when resetting password | Optional |
| checkPwnedPasswords | boolean | stored | Check the candidate against breach corpora such as Have I Been Pwned. Use the k-anonymity range API (only the first five hex characters of the SHA-1 hash are sent) so the password itself never leaves the system | Optional |
| customRegex | string | stored | Additional regex pattern the password must match. The pattern is administrator-controlled policy, not user input, and should be anchored (as in Example 1) so it constrains the whole string | Optional |
| isActive | boolean | stored | Whether this policy is currently enforced | Optional |
| priority | integer | stored | Order of precedence when multiple policies apply | Optional |
| createdAt | DateTime | stored | When this policy was created | Required |
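The following validator is an added example, not code from the page's schema or from any project that implements it. It evaluates a candidate password against the complexity properties in the table above and returns the names of every violated property. The policy dictionary copies the complexity fields of the "High Security Policy" from Example 1; the common-password list is a constructed stand-in for a real weak-password or breach list, and the three-character window used for the sequential check is an assumption, since the page defines prohibitSequentialChars only as a boolean.

```python
import re

# Complexity fields of "High Security Policy" (Example 1 on this page).
HIGH_SECURITY_POLICY = {
    "minLength": 14,
    "maxLength": 128,
    "requireUppercase": True,
    "requireLowercase": True,
    "requireNumbers": True,
    "requireSpecialChars": True,
    "specialCharsSet": "!@#$%^&*()_+-=[]{}|;:,.<>?",
    "minUniqueChars": 8,
    "prohibitCommonPasswords": True,
    "prohibitUserInfo": True,
    "prohibitRepeatingChars": 2,
    "prohibitSequentialChars": True,
    "customRegex": "^(?!.*\\s).*$",
}

# Constructed stand-in for a weak/breached password list (a real deployment
# loads a large corpus or queries a breach database instead).
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "admin"}


def _longest_run(s):
    """Length of the longest run of identical consecutive characters."""
    best = run = 1 if s else 0
    for prev, cur in zip(s, s[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def _has_sequence(s, length=3):
    """True if `length` consecutive characters step up or down by exactly one
    code point, e.g. 'abc', 'CBA' or '123' (compared case-insensitively).
    The window size is an assumption; the page only defines the boolean."""
    codes = [ord(c) for c in s.lower()]
    for i in range(len(codes) - length + 1):
        window = codes[i:i + length]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def validate_password(policy, password, username="", email="", full_name=""):
    """Return the names of every violated policy property (empty list = OK).

    All rules are evaluated instead of stopping at the first failure, so the
    user can be told everything that is wrong in one round trip. The order of
    checks mirrors the property table.
    """
    problems = []
    pw = password
    special = set(policy.get("specialCharsSet") or "!@#$%^&*")

    if len(pw) < policy.get("minLength", 0):
        problems.append("minLength")
    if policy.get("maxLength") and len(pw) > policy["maxLength"]:
        problems.append("maxLength")
    if policy.get("requireUppercase") and not re.search(r"[A-Z]", pw):
        problems.append("requireUppercase")
    if policy.get("requireLowercase") and not re.search(r"[a-z]", pw):
        problems.append("requireLowercase")
    if policy.get("requireNumbers") and not re.search(r"[0-9]", pw):
        problems.append("requireNumbers")
    if policy.get("requireSpecialChars") and not any(c in special for c in pw):
        problems.append("requireSpecialChars")
    # specialCharsSet is an allow-list: any non-alphanumeric character outside
    # it (whitespace included) is rejected.
    if policy.get("specialCharsSet") and any(
            not c.isalnum() and c not in special for c in pw):
        problems.append("specialCharsSet")
    if len(set(pw)) < policy.get("minUniqueChars", 0):
        problems.append("minUniqueChars")
    if policy.get("prohibitCommonPasswords"):
        # Also compare after stripping leading/trailing digits and symbols so
        # that "Password123!" is caught by the list entry "password".
        stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
        if pw.lower() in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
            problems.append("prohibitCommonPasswords")
    if policy.get("prohibitUserInfo"):
        # Username, the local part of the e-mail address and each name token
        # of three or more characters must not appear inside the password.
        tokens = [username, email.split("@")[0], *full_name.split()]
        if any(len(t) >= 3 and t.lower() in pw.lower() for t in tokens):
            problems.append("prohibitUserInfo")
    limit = policy.get("prohibitRepeatingChars")
    if limit and _longest_run(pw) > limit:
        problems.append("prohibitRepeatingChars")
    if policy.get("prohibitSequentialChars") and _has_sequence(pw):
        problems.append("prohibitSequentialChars")
    # customRegex is administrator-controlled policy, never end-user input,
    # so evaluating it here is not a ReDoS exposure.
    if policy.get("customRegex") and not re.search(policy["customRegex"], pw):
        problems.append("customRegex")
    return problems


if __name__ == "__main__":
    for candidate in ["Vk7#pLq2$wRm9!Zb", "Password123!!!", "Correct Horse 9!"]:
        print(candidate, "->", validate_password(HIGH_SECURITY_POLICY, candidate,
                                                 username="alice"))
```

Returning the list of violated property names rather than a single boolean keeps the validator decoupled from presentation: the caller can map each name to a user-facing message, and the same names can be logged for auditing which rules users trip most often.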
Examples
Example 1
{
"@type": "PasswordPolicy",
"name": "High Security Policy",
"description": "Enhanced security policy for administrator and privileged accounts",
"minLength": 14,
"maxLength": 128,
"requireUppercase": true,
"requireLowercase": true,
"requireNumbers": true,
"requireSpecialChars": true,
"specialCharsSet": "!@#$%^&*()_+-=[]{}|;:,.<>?",
"minUniqueChars": 8,
"prohibitCommonPasswords": true,
"prohibitUserInfo": true,
"prohibitRepeatingChars": 2,
"prohibitSequentialChars": true,
"expirationDays": 30,
"expirationWarningDays": 7,
"passwordHistoryCount": 24,
"minPasswordAge": 1,
"maxLoginAttempts": 3,
"lockoutDuration": 60,
"requireMfaOnReset": true,
"checkPwnedPasswords": true,
"customRegex": "^(?!.*\\s).*$",
"isActive": true,
"priority": 100,
"createdAt": "2024-01-01T00:00:00Z"
}
Example 2
{
"@type": "PasswordPolicy",
"name": "Basic User Policy",
"description": "Standard password requirements for regular user accounts",
"minLength": 8,
"maxLength": 64,
"requireUppercase": true,
"requireLowercase": true,
"requireNumbers": true,
"requireSpecialChars": false,
"minUniqueChars": 5,
"prohibitCommonPasswords": true,
"prohibitUserInfo": true,
"prohibitRepeatingChars": 3,
"prohibitSequentialChars": false,
"expirationDays": 0,
"expirationWarningDays": 0,
"passwordHistoryCount": 3,
"minPasswordAge": 0,
"maxLoginAttempts": 5,
"lockoutDuration": 15,
"requireMfaOnReset": false,
"checkPwnedPasswords": true,
"isActive": true,
"priority": 50,
"createdAt": "2024-01-01T00:00:00Z"
}
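The stateful properties of the entity (lockout after failed attempts, password history, minimum password age and expiration warnings) need per-account state rather than a stateless check. The class below is an added example, not code from the page or from any implementation it describes: it keeps that state for one account and applies the lockout, history and expiry fields of the "High Security Policy" from Example 1. The salted PBKDF2 hashing, the `Account` class and the `at()` clock helper are assumptions made for the example; production code would normally use a dedicated password hash such as Argon2 or bcrypt.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Lockout, history and expiry fields of "High Security Policy" (Example 1).
POLICY = {
    "passwordHistoryCount": 24,   # previous passwords that cannot be reused
    "minPasswordAge": 1,          # days before another change is allowed
    "expirationDays": 30,
    "expirationWarningDays": 7,
    "maxLoginAttempts": 3,
    "lockoutDuration": 60,        # minutes
}

# Constructed reference clock so the example is deterministic.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)


def at(**delta):
    """Instant at T0 plus the given timedelta keyword arguments."""
    return T0 + timedelta(**delta)


def _hash(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (stand-in for Argon2/bcrypt); returns (salt, digest)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class Account:
    """Per-account state needed to enforce the stateful policy fields."""

    def __init__(self, policy, password, now):
        self.policy = policy
        self.history = []          # (salt, digest) pairs, current password last
        self.password_set_at = None
        self.failed_attempts = 0
        self.locked_until = None
        self._set(password, now)

    def is_locked(self, now):
        return self.locked_until is not None and now < self.locked_until

    def login(self, password, now):
        """Return 'locked', 'ok' or 'bad'. The failure counter resets on a
        successful login and once the lockout window has elapsed."""
        if self.is_locked(now):
            return "locked"        # do not even evaluate the password
        if self.locked_until is not None:
            self.failed_attempts, self.locked_until = 0, None
        salt, digest = self.history[-1]
        if hmac.compare_digest(_hash(password, salt)[1], digest):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= self.policy["maxLoginAttempts"]:
            self.locked_until = now + timedelta(minutes=self.policy["lockoutDuration"])
        return "bad"

    def change_password(self, new_password, now):
        """Return 'ok', 'too-soon' (minPasswordAge) or 'reused' (history).
        A forgotten-password reset would additionally apply requireMfaOnReset;
        that flow is not modelled here."""
        if now - self.password_set_at < timedelta(days=self.policy["minPasswordAge"]):
            return "too-soon"
        # Re-hash the candidate with each stored salt; no plaintext is kept.
        for salt, digest in self.history:
            if hmac.compare_digest(_hash(new_password, salt)[1], digest):
                return "reused"
        self._set(new_password, now)
        return "ok"

    def _set(self, password, now):
        self.history.append(_hash(password))
        # Keep the current password plus passwordHistoryCount previous ones.
        self.history = self.history[-(self.policy["passwordHistoryCount"] + 1):]
        self.password_set_at = now

    def expiry_status(self, now):
        """Return 'ok', 'warn' or 'expired' per expirationDays/expirationWarningDays."""
        days = self.policy["expirationDays"]
        if days == 0:
            return "ok"
        expires_at = self.password_set_at + timedelta(days=days)
        if now >= expires_at:
            return "expired"
        if now >= expires_at - timedelta(days=self.policy["expirationWarningDays"]):
            return "warn"
        return "ok"


if __name__ == "__main__":
    acct = Account(POLICY, "Vk7#pLq2$wRm9!Zb", at())
    print([acct.login("wrong", at(minutes=i)) for i in range(3)])   # three failures lock the account
    print(acct.login("Vk7#pLq2$wRm9!Zb", at(minutes=3)))             # correct password, but locked
    print(acct.change_password("Np3$wXq8%tLm2^Yz", at(days=2)))      # allowed after minPasswordAge
```

Two design points are worth noting. A locked account returns before the hash is computed, so an attacker cannot keep testing candidates while the lock is active. And history is checked by re-hashing the candidate under each stored salt, which is the only way to compare against earlier passwords without keeping them in a reversible form; with passwordHistoryCount set to 24 that is up to 25 hash computations per change, which is acceptable for an infrequent operation but is a reason not to use a slow hash for the login path's lockout bookkeeping.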