This topic describes how to configure a password policy for the RAM users of your Alibaba Cloud account. You can specify password complexity requirements, including the password length, validity period, and password history check.

Procedure

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Settings.
  3. On the Security Settings tab of the page that appears, click Edit Password Rule. In the panel that appears, configure the parameters.
    • Password Length: This parameter specifies the minimum length of passwords. The value ranges from 8 to 32.
      Note To ensure account security, we recommend that you set this parameter to a value greater than or equal to 8.
    • Required Elements in Password: The available elements include Lowercase Letters, Uppercase Letter, Numbers, and Symbols.
      Note To enhance account security, we recommend that you select at least two of the preceding elements.
    • Minimum Different Characters in Password: The value ranges from 0 to 8. The default value is 0, which indicates that no limits are imposed on the number of unique characters in a password.
    • Include Username in Password: The valid values are Allow and Do Not Allow. You can select one based on your business requirements.
      • Allow: A password can contain the username.
      • Do Not Allow: A password cannot contain the username.
    • Password Validity Period: The value ranges from 0 to 1095, in days. The default value is 0, which indicates that the password never expires.
      Note If you reset a password, the password validity period restarts.
    • Action After Password Expires: You can specify whether to allow the RAM users to log on to the Alibaba Cloud Management Console after their passwords expire. You can select Deny Logon or Allow Logon based on your business requirements.
      • Deny Logon: After the password expires, you cannot use the password to log on to the Alibaba Cloud Management Console. You can log on to the console only after you reset the password by using your Alibaba Cloud account or as a RAM user that has administrative rights.
      • Allow Logon: After the password expires, you can change the password as a RAM user and use the new password to log on to the Alibaba Cloud Management Console.
    • Password History Check Policy: You can prevent RAM users from reusing the previous N passwords. The value ranges from 0 to 24. The default value is 0, which indicates that the RAM users can reuse previous passwords.
    • Password Retry Constraint Policy: This parameter specifies the maximum number of password retries. If you enter the wrong passwords for the specified consecutive times, the account is locked for one hour. The value ranges from 0 to 32. The default value is 0, which indicates that the password retries are not limited.
      Note After you change the password, the number of password retries is reset to zero.
  4. Click OK.

Result

The password policy applies to all RAM users of your Alibaba Cloud account.