As you see in this screen pop, the security level determines whether a pwd is required.
Display System Value
System value . . . . . : QSECURITY
Description . . . . . : System security level
System security level . . . : 40 10=Physical security only (no longer
20=Password security only
30=Password and object security
40=Password, object, and operating
50=Password, object, and enhanced
operating system integrity
If you have a system that doesn’t require a pwd for login, then you are on an unsupported version of the OS.
And, if you don’t know that basic level of OS400 security, you should take some classes or hire someone that does because there are a lot more variables about pwd security, such as these system values:
Value Type Description
QPWDLMTCHR *SEC Limit characters in password
QPWDLMTREP *SEC Limit repeating characters in password
QPWDLVL *SEC Password level
QPWDMAXLEN *SEC Maximum password length
QPWDMINLEN *SEC Minimum password length
QPWDPOSDIF *SEC Limit password character positions
QPWDRQDDGT *SEC Require digit in password
QPWDRQDDIF *SEC Duplicate password control
With QPWDLVL(pwd level) of 2 or three, pwds up to 128 characters including special characters and upper and lower case are supported. There are values for deactivating pwds and devices according to unsuccessful login attempts, expiration dates and pwd handling is only the first step in securing an AS400. All IBM supplied profiles(except QUSER) should have their pwds changed or have a pwd of *none where possible. IBM profiles such as QPGMR or QSYSOPR shouldn’t be used as object owners for non IBM objects nor have pwds because they are commonly known by hackers.