How can I set up a password policy?

Jiglu has a number of settings that enable you to meet a corporate password policy.

On the User security system settings page you will find the following settings:

  • Minimum password strength - the minimum strength score a password must reach to be accepted. Users are shown the score as they type a password. A higher score is associated with a longer password and more variety in the characters it contains. By default this is set to Average.
  • Maximum password changes per day - this helps protect against misuse, such as a user changing their password enough times that an earlier password is no longer held in the password history and can be reverted to. By default any number of changes is allowed.
  • Allow password reuse after - this prevents users from reusing passwords that they have used before. By default 10 previous passwords are held.

Jiglu also maintains a list of blocked passwords. By default, this is the top 10,000 passwords over 8 characters in length taken from the NCSC’s pwned passwords list. The list is held in a file on the operating system at /etc/jiglu/passwords-blocklist.conf.

Users will also be barred from using a password if it contains parts of their name, email address account, the system name or the system hostname.
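
The rejection rules described above (blocklist, personal and system names, password history) sketched as an added Python example; this is not Jiglu's own code. The one-password-per-line blocklist format, case-insensitive matching, the four-character minimum fragment length and the PBKDF2 history hashes are all assumptions, and the strength score is left out because the page does not define how it is calculated.

```python
import hashlib
import hmac
import os
import re

HISTORY_DEPTH = 10   # the page's default: 10 previous passwords are held
MIN_TOKEN_LEN = 4    # assumption: shorter fragments ("com", "jo") are ignored

def parse_blocklist(text):
    """Assumed format: one password per line; blank lines and # comments skipped."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln.lower() for ln in lines if ln and not ln.startswith("#")}

def identity_tokens(name, email, system_name, hostname):
    """Fragments of the user's name, email account, system name and hostname."""
    raw = " ".join([name, email.split("@")[0], system_name, hostname]).lower()
    return {t for t in re.split(r"[^a-z0-9]+", raw) if len(t) >= MIN_TOKEN_LEN}

def hash_password(password, salt=None):
    """Salted PBKDF2 so the history never holds plaintext passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(candidate, blocklist, tokens, history):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    lowered = candidate.lower()
    if lowered in blocklist:
        reasons.append("blocklisted")
    if any(token in lowered for token in tokens):
        reasons.append("contains name, email or system name")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            reasons.append("reused")
            break
    return reasons

if __name__ == "__main__":
    # Constructed sample data, not taken from a real Jiglu installation.
    blocklist = parse_blocklist("# sample\npassword1\nliverpool1\n")
    tokens = identity_tokens("Alice Example", "alice.example@corp.test",
                             "Intranet", "jiglu.corp.test")
    history = [hash_password("Tr4ins-and-Boats")]
    for pw in ("Liverpool1", "Alice2024!x", "Tr4ins-and-Boats", "violet-Kettle-93"):
        print(pw, check_password(pw, blocklist, tokens, history) or "accepted")
```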

Written by Stephen Hebditch. Published on .
2.0.0
Meeting a corporate password policy controlling minimum strength, number of changes per day and password reuse in Jiglu.