As an account owner or administrator, you can define the criteria for Treasure Data user passwords. All users of your Treasure Data account must adhere to the set of criteria that you specify. When you change the password criteria, existing users receive notification and will have to update their password if they do not already meet the updated criteria.
Specify the Password Policy
Account owners and Administrators can specify the account password policy from the Admin section of the console. Click the Security tab to configure the password policy.
- Specifies how frequently that users must change their password. Specified in days. For example, the value '60 days' means the password must be changed every 60 days. Default: Never
- Minimum Length
- The minimal character length of user passwords. Default: 8
- Saves the value of a specified the number of passwords for a user. User are not allowed to use previous passwords as specified. Default is 6. Example, if you specify the value as '4' then users must create a unique password that does not equal any of the last 4 prior password values.
- Maximum Invalid Login Attempts
- The number of incorrect attempts one user is allowed make while attempting to login. Users must wait a specified timeout length before attempting to login again.
- Timeout Length
- Specified in hours, days, or weeks, the length of time a user must wait before attempting to login after making the maximum number of invalid login attempts. Users must wait this specified timeout length before being allowed to attempt another login.
- Specifies the types of characters that a password must contain. Refer to the following image:
New accounts are defaulted to the password policy you specify. When you change any password criteria, all users receive an email notification that explains that the security requirements have changed, and that users might have to change their password to meet new criteria. If their current passwords already meet the changed criteria, then users can login without updating their password.
Also, account users receive a notice when their current password expires and must be changed.