Custom password policies are created and applied through a security policy settings document.

Through a custom password policy, administrators can restrict or prohibit the use of the following in user passwords:

• user name as part of the password
• repeating characters
• unique characters
• use of special characters (such as punctuation), numbers, upper case and lower case characters
• starting or ending passwords with certain character types
• combinations of non-lower case characters

If the policy has been applied to a new user, the user must first authenticate with the server in order to be prompted to change password first use.

Custom password policies are downloaded to the IBM® Lotus® Notes® ID file when a user first authenticates to the home server. Once stored in the ID file, the policy settings will apply to the user's password the next time a user logs in to the Lotus Notes client, and the user will be prompted to change the password upon first use.

If the user does not change the password to conform to the policy, or cancels out of the change password dialog, the user receives an error message stating that the password does not meet policy requirements, and the Lotus Notes client shuts down.

Custom password policies do not have many validation checks. It is possible for an administrator to create a policy such that no password will ever meet the requirements (for example, maximum length = 4, minimum password quality = 8). Administrators need to make sure that the password policies they implement make sense and can be implmented.

Note Even if you establish a customized password policy, you must still enable "Check passwords on Notes IDs" in the server document in order for IBM® Lotus® Domino™ to check password history.

Restrictions

Custom password policy settings will not:

• support random password generation, either through User Registration or the User Security
• apply to IDs protected with multiple passwords
• apply to IDs protected with Smartcards

Glossary