Password complexity rules

Please note the guidelines in our PLCnext Security Info Center.
For developing secure-by-design, IEC 62443‑2 compliant applications with PLCnext Technology, get a good grasp of the concepts used in the security context.

User authentication usually requires a set of restrictions defining how long and complex a password needs to be and which characters a user can choose. Where security requirements demand periodic password changes, the expiration of passwords also needs to be defined.

Working with rule sets

With firmware 2022.0 LTS or newer, the password policy also depends on rule sets, so different presets can be administered for different contexts.

The password complexity rules are predefined and depend on the rights of each user. You may need to adjust the rule set to meet the needs of your application.

Pre-defined rule sets

With firmware 2022.0 LTS and 2023.0 LTS, the "Admin Ruleset" and the "Default Ruleset" are pre-defined as described below.

  • Adapt the rule set to the conditions of your application.

Admin Ruleset

We advise that the user roles Admin, SecurityAdmin, SecurityAuditor, UserManager, CertificateManager and Engineer have the rule set "Admin Ruleset" by default. The following password rules are set:

  • The username must not be included in the password.
  • The last five passwords must not be reused.
  • The password must contain at least ten characters.
  • The password must contain at least one uppercase letter and one lowercase letter.
  • The password must contain at least one number.
  • The password must contain at least one symbol. The allowed symbols are: {}()[]#,;.:^?!|_'~@$%/\=+-*&

Default Ruleset

All other user roles may have the rule set "Default Ruleset" by default: 

  • The username must not be included in the password.
  • The last five passwords must not be reused.
  • The password must contain at least eight characters.
  • The password must contain at least one uppercase letter and one lowercase letter.
  • The password must contain at least one number.
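
The two pre-defined rule sets, written as a pre-check that a provisioning script could run before submitting a password. This is an added example, not PLCnext firmware code; the case-insensitive username match, the PBKDF2 history digests and all function and class names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Symbol list copied from the Admin Ruleset on this page.
ALLOWED_SYMBOLS = set("{}()[]#,;.:^?!|_'~@$%/\\=+-*&")

@dataclass(frozen=True)
class RuleSet:
    name: str
    min_length: int
    require_symbol: bool
    history_depth: int = 5  # "The last five passwords must not be reused."

ADMIN_RULESET = RuleSet("Admin Ruleset", 10, True)
DEFAULT_RULESET = RuleSet("Default Ruleset", 8, False)

def digest(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def violations(rules, username, password, history=()):
    """Return the rules the candidate breaks; an empty list means accepted.
    history is a sequence of (salt, digest) pairs, newest last."""
    found = []
    # Assumption: the username check ignores case.
    if username and username.lower() in password.lower():
        found.append("contains username")
    if len(password) < rules.min_length:
        found.append(f"shorter than {rules.min_length} characters")
    if not any(c.isupper() for c in password):
        found.append("no uppercase letter")
    if not any(c.islower() for c in password):
        found.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        found.append("no number")
    if rules.require_symbol and not any(c in ALLOWED_SYMBOLS for c in password):
        found.append("no allowed symbol")
    # Only the newest history_depth entries block reuse.
    for salt, old in list(history)[-rules.history_depth:]:
        if hmac.compare_digest(digest(password, salt), old):
            found.append(f"matches one of the last {rules.history_depth} passwords")
            break
    return found
```

Returning every broken rule, rather than stopping at the first, lets a user-management front end show all problems with a candidate password at once.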


• Published/reviewed: 2024-09-24   ☀  Revision 073 •