Password Control | Teradata Vantage - 2.2 - Password Control - Teradata Vantage

Configuring Teradata Vantageā„¢ After Installation

Teradata Vantage
Release Number
Release Date
January 2021
Content Type
Publication ID
English (United States)
Teradata recommends that all sites enforce strong password controls. Teradata Database offers several options for controlling password format and usage. The DBC.SysSecDefaults table contains a set of global controls that restrict the usage and content of passwords. All the password controls can be modified by updating DBC.SysSecDefaults table, for example:
UPDATE DBC.SysSecDefaults SET PasswordMinChar = 8 ;
Password Control Description Recommendation
ExpirePassword The number of days that must elapse before a password expires. 90 days
MaxLogonAttempts The number of erroneous logons the system allows before it locks the user out of the database. 3 unsuccessful attempts
LockedUserExpire Sets the length of time the system locks out a user for exceeding the maximum number of failed logon attempts (MaxLogonAttempts). 5 minutes
PasswordReuse Defines a time span during which a user cannot reuse a previously used password. When a user changes a password, Teradata Database records the old password and the current date. The next time the user attempts to change the password, Teradata Database compares the new password to the current passwor, and passwords that are not older than PasswordReuse parameter. 270 days

For password control recommendations, see Password Control Recommendations.

In addition to password controls, Teradata provides format controls:

Format Control Descripton Recommendation
PasswordMinChar Sets the minimum number of characters required in a password. 8 characters
PasswordMaxChar Sets the maximum number of characters required in a password. 30 characters
PasswordDigits Determines whether ASCII digits are:
  • "Allowed in a password"
  • "Not allowed in a password"
  • "Required in a password"
PasswordSpecChar Indicates whether ASCII special characters are:
  • "Allowed in a password"
  • "Not allowed in a password"
  • "Required in a password"

You can place tight restrictions on passwords to require a special combination in the password. For values, see Allowable Values.

'R' or 'r', which implies no username, alpha-numeric, upper-lower, and special characters are part of the password.
PasswordRestrictWords Determines whether passwords are rejected if they contain words in the Restricted Words list.

New words can be added or deleted from the PasswordRestrictions table:

INSERT into PasswordRestrictions values ('newrestrictedword');
DELETE from PasswordRestrictions WHERE (RestrictedWords='wordtobedeleted';
'Y', which restricts use of words in PasswordRestrictions table. See Allowable Values.

For format control recommendations, see Password Control Recommendations.