Enfore Lotus Notes password Length

Lotus Domino
Platform Issues
We use Notes client 6.5.4. We have some users who have password lengths of 4, 5, 6 and 7 characters in length. I would like to force everyone to use passwords with 8 characters. I think it's done in Domino Administrator, People & Groups, Settings. I believe I have to add a Security setting. The thing is it looks to me as if I have to set a password expiration so as to enable the password length option. Is that correct ? Or is it possible to set the password length option without the password expiration option? Also, if I do manage to change the password length setting, will Notes prompt the non-compliant users the next time they log into Notes?

Answer Wiki

Thanks. We'll let you know when a new response is added.

A good password in Notes remains good until the user changes it or is forced to change it. This means that unless you enforce a password expiration (at least once), your users can keep their simple passwords until they decide to change them. And let’s face it, who changes a password unless they are forced to? We went to stronger passwords when we moved up to 6.5 also, but we have not forced our long-time users to change their passwords. This may change at some point in the future, but we aren’t worrying about it at this time.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
    The password length and quality settings may be applied using the Policy process which is available in Domino 6 and 7. You must be very careful and test the behavior using Explicit policy assignment or you can flood your Help Desk with lots of calls. The password length is new with Policy but the ability to "expire" passwords was implemented before the Policy architecture changes were made. Thus, the two are not "tightly coupled" and you may get some wierd combinations that could cause issues. We fould that if you turned on password checking, (using the password digest in the Person document), the last change date of the Notes password is held in the ID file. If you set a date to force passwords to be changed, your users may get prompted to change their password the next time they try to connect to their server and they may not know how to change their Notes ID password. Another issue is that policy cannot be pushed to the client unless they can authenticate with their mail server. The password change may be forced on the user before they have the policy that sets your new password length. The result is that they cannot change their password to meet your requirements on the first try and they will not be forced to use your new requirements until their next forced change date.
    0 pointsBadges:
  • Gradyneal
    change password
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: