Password rules by authentication method

The following table summarizes the password rules and settings for each supported IBM SmartCloud® Notes® client.

Table 1. Password rules and settings by authentication method
Authentication method Password rules Password expiration1 Password changes
Cloud service account identity and password
  • At least eight characters
  • At least four alphabetic characters
  • At least one non-alphabetic character
  • No spaces
  • No more than two consecutive characters
  • No match of any of the eight previous passwords
  • Cannot contain user name or email address
  • Disabled by default
  • Administrators can enable a password expiration interval of 30, 60, 90, 180, or 365 days.
  • By administrator
  • By user
SAML Federated Identity Controlled by company Controlled by company Controlled by company
Cloud service account identity and application password 16 characters (non-case sensitive)
  • Disabled by default
  • Administrators can enable
  • Password changes not allowed
  • Administrators or users can revoke passwords and users then generate new ones
NRPC In service-only environments, and in hybrid environments that do not use policy security settings to configure password requirements, IBM® Notes ID passwords must be at least eight characters and have a password quality of 8, on a password quality scale of 0 (weakest) to 16 (strongest).
  • Disabled by default
  • Administrators can enable through SmartCloud NotesAdministration
  • By administrator
  • By user

1 While it may seem that requiring passwords to expire provides more security, most security experts believe the opposite is true. Password expiration often leads to the use of simpler, more easily-guessed passwords, and to users writing down passwords to remember them. A better policy is to use more complex password phrases that do not expire, whenever possible. In addition to providing better security, this policy also reduces the number of help desk calls generated from users who forget their ever-changing passwords.