Cloverleaf default password strength rules

These password rules are used by default:

  • It must have 8-15 characters.
  • It must use upper and lowercase characters.
  • It must have at least one digit.
  • It must not contain the user name.

If necessary, then you can edit the password rule to add additional rules. These are not valid by default. For example:

  • Three (3) or more identical characters can be forbidden. For example, aaa or 111.
  • Three (3) or more consecutive characters can be forbidden. For example, abc or 123.

To keep malicious users from guessing the user password, CIS records the count of the number of failed log-in attempts for a user account. The account is locked if the log in fails more than five (5) times.

By default, the lock is released automatically after 15 minutes. This gives users the opportunity to log in again.