This topic describes how to set a password policy for the RAM users of your Alibaba Cloud account. You can specify password complexity requirements, including the password length, validity period, and password history check.

Procedure

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Settings under Identities.
  3. On the Security Settings tab, click Edit Password Rule. In the Edit Password Rule pane, set the parameters.
    • Password Length: The password must be 8 to 32 characters in length.
      Note To ensure account security, the password must be at least 8 characters in length.
    • Required Elements in Password: The available elements include lowercase letters, uppercase letters, digits, and special characters.
      Note The password must contain the selected element or elements. To enhance account security, we recommend that you select at least two of the preceding elements.
    • Minimum Different Characters in Password: The value range is from 0 to 8. The default value is 0, which indicates that no limit is imposed on the number of unique characters in a password.
    • Include Username in Password: Select Allow or Do Not Allow.
      • Allow: A password can contain the username.
      • Do Not Allow: A password cannot contain the username.
    • Password Validity Period: The value range is from 0 to 1095, in days. The default value is 0, which indicates that the password never expires.
      Note The password validity period restarts if you reset the password.
    • Action After Password Expires: You can specify whether to allow the RAM users to log on to the RAM console after their passwords expire. You can select one of the following options based on your business needs.
      • Deny Logon: If you select this option, the RAM users can log on to the console only after you reset the passwords by using your Alibaba Cloud account.
      • Allow Logon: If you select this option, the RAM users can change their passwords after the passwords expire. The RAM users can then use the new passwords to log on to the console.
    • Password History Check Policy: You can prevent RAM users from reusing the previous N passwords. The value range is from 0 to 24. The default value is 0, which indicates that the RAM users can reuse previous passwords.
    • Password Retry Constraint Policy: This parameter specifies the maximum number (N) of allowed logon attempts. If you enter wrong passwords for N consecutive times, you are not allowed to log on to the account in the next hour. The value range is from 0 to 32. The default value is 0, which indicates that the logon attempts are not limited.
      Note The number of logon attempts is reset to zero after you change the password.
  4. Click OK.

Result

The password settings apply to all the RAM users of your Alibaba Cloud account.