Credential policies control the authentication process for resources in Cisco Unified Communications Manager. A credential policy defines password requirements and account lockout details such as failed login attempts, expiration periods and lockout durations for end user passwords, end user PINs, and application user passwords. Credential policies can be assigned broadly to all accounts of a specific credential types, such as all end user PINs, or they can be customized for a specific application user, or end user.
In Credential Policy Configuration you can configure a new credential policy and then apply that new policy as the default credential policy for each of the following three credential types:
End User PINs
End User Passwords
Application User Passwords
You can also apply the credential policy to a specific end user PIN, end user password, or application user password.
The system can be configured to check for trivial passwords and PINs. A trivial password is a credential that can be easily hacked, such as a password that be guessed easily such as using ABCD as your password or 123456 as your PIN.
Non-trivial passwords meet the following requirements:
Must contain three of the following four characteristics: uppercase character, lowercase character, number, or symbol.
Must not use a character or number more than three times consecutively.
Must not repeat or include the alias, username, or extension.
Cannot consist of consecutive characters or numbers. For example, passwords such as 654321 or ABCDEFG are not allowed.
PINs can contain digits (0-9) only. A non-trivial PIN meets the following criteria:
Must not use the same number more than two times consecutively.
Must not repeat or include the user extension, mailbox, or the reverse of the user extension or mailbox.
Must contain three different numbers. For example, a PIN such as 121212 is trivial.
Must not match the numeric representation (that is, dial by name) for the first or last name of the user.
Must not contain groups of repeated digits, such as 408408, or patterns that are dialed in a straight line on a keypad, such as 2580, 159, or 753.
Apply the configured credential policy as the default credential policy for any of three credential types: end user passwords, and application users. The default credential policy will be applied by default to that credential type for newly provisioned users.