Server default password policy

Minimum length: 6 - Number of characters.

Generations: 3 - The server stores the specified number of successive passwords, and verifies that the new password does not replicate one of the previously stored passwords. This setting is mainly meant to prevent users, when prompted to change their password, from temporarily changing their password and immediately afterwards re-entering the old password.

Changes per day: 4 - The server only allows users to change their passwords the maximum specified number of times in a single day. This setting is mainly meant to be used in connection with the preceding setting, and to prevent users from defeating requests to change their password to a new, previously unused one.

Locked after (attempts): 5 - Specifies how many unsuccessful logon attempts are allowed before temporarily locking out the user account.

Expires after (days): 90 - Specifies the duration in days of the interval, after which the user is required to select a new password.

Enable request password: Yes - This setting allows users to request a new, system-generated password to be e-mailed to the e-mail address stored in the user settings.

Force complex password: Yes - This setting forces passwords to comply with complexity criteria. If this setting is ticked, the password must contain at least one of each of the following character types: digit (0..9), alphabetic character (a..z, A..Z), non-alphanumeric character (e.g., punctuation marks).

Allow user details in password: No - The server verifies that user details like the username, first name, last name and phone number are not used as parts of the password.

Locked out time (minutes): 1 - Specifies the duration of the interval a user account remains locked out after the maximum number of unsuccessful logon attempts is exceeded.