
Resource Access Management: Configure a password policy for RAM users

Last Updated: Jan 30, 2024

This topic describes how to configure a password policy for the Resource Access Management (RAM) users of your Alibaba Cloud account. You can specify password complexity requirements, including the password length, validity period, and password history check.

Background information

Alibaba Cloud does not save your password in plaintext. Your password is hashed by using Secure Hash Algorithm 256 (SHA-256) with a salt value, and only the hash is saved.

Procedure

  1. Log on to the RAM console with your Alibaba Cloud account.

  2. In the left-side navigation pane, choose Identities > Settings.

  3. On the Security Settings tab, click Edit next to Password Strength Settings. In the Edit panel, configure the parameters.

    • Password Length: This parameter specifies the minimum length of a password. The value ranges from 8 to 32.

      Note

      To ensure account security, we recommend that you set this parameter to a value greater than or equal to 8.

    • Required Elements in Password: The available elements include Uppercase Letters, Lowercase Letters, Numbers, and Symbols.

      Note

      To ensure account security, we recommend that you select at least three of the preceding elements.

    • Minimum Different Characters in Password: The value ranges from 0 to 8. The default value is 0, which indicates that no limits are imposed on the number of unique characters in a password.

    • Include Username in Password: The valid values are Allow and Do Not Allow. You can select one based on your business requirements.

      • Allow: A password can contain the username.

      • Do Not Allow: A password cannot contain the username.

    • Password Validity Period: The value ranges from 0 to 1095, in days. The default value is 0, which indicates that the password never expires.

      Note
      • To ensure account security, we recommend that you set this parameter to a value less than or equal to 90.

      • If you reset a password, the password validity period restarts.

    • Action After Password Expires: You can specify whether to allow a RAM user to log on to the Alibaba Cloud Management Console after the password of the RAM user expires. You can select Deny Logon or Allow Logon based on your business requirements.

      • Deny Logon: After the password of a RAM user expires, the RAM user cannot log on to the Alibaba Cloud Management Console. The RAM user can log on to the console only after the password is reset by using your Alibaba Cloud account or by a RAM user who has administrative rights.

      • Allow Logon: After the password of a RAM user expires, the RAM user can change the password and use the new password to log on to the Alibaba Cloud Management Console.

    • Password History Check Policy: You can prevent the RAM users from reusing the previous N passwords. The value ranges from 0 to 24. The default value is 0, which indicates that the RAM users can reuse previous passwords.

    • Password Retry Constraint Policy: This parameter specifies the maximum number of password retries. If a wrong password is entered the specified number of consecutive times, the account is locked for one hour. The value ranges from 0 to 32. The default value is 0, which indicates that password retries are not limited.

      Note
      • To ensure account security, we recommend that you set this parameter to a value less than or equal to 5.

      • After you change the password, the number of password retries is reset to zero.

  4. Click OK.

Result

The password policy applies to all RAM users of your Alibaba Cloud account.
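
The following added example (not part of the original topic and not Alibaba Cloud code) audits a set of password policy values against the ranges and recommendations listed in the procedure. The dictionary keys are hypothetical names for the console fields, and the example assumes that a value of 0 does not meet the validity period or retry recommendation, because 0 disables those controls.

```python
# Added example. Keys are hypothetical names for the console fields on this page.
RANGES = {  # allowed ranges as documented in the procedure
    "min_length": (8, 32),
    "min_different_chars": (0, 8),
    "validity_days": (0, 1095),
    "history_count": (0, 24),
    "max_retries": (0, 32),
}
ELEMENTS = {"uppercase", "lowercase", "numbers", "symbols"}


def audit_policy(policy):
    """Return findings: out-of-range values, missed recommendations, disabled controls."""
    findings = []
    for key, (low, high) in RANGES.items():
        value = policy.get(key)
        if type(value) is not int or not low <= value <= high:
            findings.append(f"{key}: {value!r} is outside the allowed range {low}-{high}")
    if findings:
        return findings  # recommendations are meaningless for invalid input
    if len(ELEMENTS & set(policy.get("required_elements", ()))) < 3:
        findings.append("required_elements: fewer than three element types required")
    # Assumption of this example: 0 disables a control, so it does not satisfy
    # an upper-bound recommendation even though 0 <= 90 and 0 <= 5 numerically.
    if policy["validity_days"] == 0:
        findings.append("validity_days: 0 means passwords never expire")
    elif policy["validity_days"] > 90:
        findings.append("validity_days: longer than the recommended 90 days")
    if policy["max_retries"] == 0:
        findings.append("max_retries: 0 means retries are not limited")
    elif policy["max_retries"] > 5:
        findings.append("max_retries: more than the recommended 5 retries")
    if policy["history_count"] == 0:
        findings.append("history_count: 0 lets users reuse previous passwords")
    return findings


# Constructed sample inputs (not exported from a real account).
WEAK = {"min_length": 8, "required_elements": ["lowercase", "numbers"],
        "min_different_chars": 0, "validity_days": 0,
        "history_count": 0, "max_retries": 0}
HARDENED = {"min_length": 14, "required_elements": ["uppercase", "lowercase", "numbers"],
            "min_different_chars": 4, "validity_days": 90,
            "history_count": 5, "max_retries": 5}

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_policy(sample) or "no findings")
```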