Teradata recommends that all sites enforce strong password controls. Teradata Database offers several options for controlling password format and usage. The DBC.SysSecDefaults table contains a set of global controls that restrict the usage and content of passwords. All the password controls can be modified by updating DBC.SysSecDefaults table, for example:
UPDATE DBC.SysSecDefaults SET PasswordMinChar = 8 ;
Password Control | Description | Recommendation |
---|---|---|
ExpirePassword | The number of days that must elapse before a password expires. | 90 days |
MaxLogonAttempts | The number of erroneous logons the system allows before it locks the user out of the database. | 3 unsuccessful attempts |
LockedUserExpire | Sets the length of time the system locks out a user for exceeding the maximum number of failed logon attempts (MaxLogonAttempts). | 5 minutes |
PasswordReuse | Defines a time span during which a user cannot reuse a previously used password. When a user changes a password, Teradata Database records the old password and the current date. The next time the user attempts to change the password, Teradata Database compares the new password to the current passwor, and passwords that are not older than PasswordReuse parameter. | 270 days |
For password control recommendations, see Password Control Recommendations.
In addition to password controls, Teradata provides format controls:
Format Control | Descripton | Recommendation |
---|---|---|
PasswordMinChar | Sets the minimum number of characters required in a password. | 8 characters |
PasswordMaxChar | Sets the maximum number of characters required in a password. | 30 characters |
PasswordDigits | Determines whether ASCII digits are:
|
'R' |
PasswordSpecChar | Indicates whether ASCII special characters are:
You can place tight restrictions on passwords to require a special combination in the password. For values, see Allowable Values. |
'R' or 'r', which implies no username, alpha-numeric, upper-lower, and special characters are part of the password. |
PasswordRestrictWords | Determines whether passwords are rejected if they contain words in the Restricted Words list. New words can be added or deleted from the PasswordRestrictions table: INSERT into PasswordRestrictions values ('newrestrictedword');
DELETE from PasswordRestrictions WHERE (RestrictedWords='wordtobedeleted';
|
'Y', which restricts use of words in PasswordRestrictions table. See Allowable Values. |
For format control recommendations, see Password Control Recommendations.