Password policy
You can enable and configure password policy for the FortiAnalyzer.
To configure the password policy:
- Go to System Settings > Admin > Admin Settings.
- Click to enable Password Policy.
- Configure the following settings, then click Apply to apply to password policy.
| Minimum Length | Specify the minimum number of characters that a password must be, from 8 to 32. Default: 8. |
| Must Contain | Specify the types of characters a password must contain: uppercase and lowercase letters, numbers, and/or special characters. |
| Admin Password
Expires after |
Specify the number of days a password is valid for. When the time expires, an administrator will be prompted to enter a new password. |
Password lockout and retry attempts
By default, the number password retry attempts is set to three, allowing the administrator a maximum of three attempts at logging in to their account before they are locked out for a set amount of time (by default, 60 seconds).
The number of attempts and the default wait time before the administrator can try to enter a password again can be customized. Both settings can be configured using the CLI.
To configure the lockout duration:
- Enter the following CLI commands:
config system global set admin-lockout-duration <seconds>
end
To configure the number of retry attempts:
- Enter the following CLI commands:
config system global set admin-lockout-threshold <failed_attempts>
end
Example
To set the lockout threshold to one attempt and set a five minute duration before the administrator can try to log in again, enter the following CLI commands:
config system global set admin-lockout-duration 300 set admin-lockout-threshold 1
end