Password Control | Teradata Vantage - Password Control

Password Control | Teradata Vantage - Password Control - Teradata Vantage

Configuring Teradata Vantage™ After Installation

Product

Teradata Vantage

Release Number

2.2

Published

January 2021

Language

English (United States)

Last Update

2021-05-08

dita:mapPath

gta1588198788318.ditamap

dita:ditavalPath

dby1605127568110.ditaval

dita:id

B700-4014

Product Category

Analytical Ecosystem

Software

Teradata Vantage

Teradata recommends that all sites enforce strong password controls. Teradata Database offers several options for controlling password format and usage. The DBC.SysSecDefaults table contains a set of global controls that restrict the usage and content of passwords. All the password controls can be modified by updating DBC.SysSecDefaults table, for example:

UPDATE DBC.SysSecDefaults SET PasswordMinChar = 8 ;

Password Control	Description	Recommendation
ExpirePassword	The number of days that must elapse before a password expires.	90 days
MaxLogonAttempts	The number of erroneous logons the system allows before it locks the user out of the database.	3 unsuccessful attempts
LockedUserExpire	Sets the length of time the system locks out a user for exceeding the maximum number of failed logon attempts (MaxLogonAttempts).	5 minutes
PasswordReuse	Defines a time span during which a user cannot reuse a previously used password. When a user changes a password, Teradata Database records the old password and the current date. The next time the user attempts to change the password, Teradata Database compares the new password to the current passwor, and passwords that are not older than PasswordReuse parameter.	270 days

For password control recommendations, see Password Control Recommendations.

In addition to password controls, Teradata provides format controls:

Format Control	Descripton	Recommendation
PasswordMinChar	Sets the minimum number of characters required in a password.	8 characters
PasswordMaxChar	Sets the maximum number of characters required in a password.	30 characters
PasswordDigits	Determines whether ASCII digits are: "Allowed in a password" "Not allowed in a password" "Required in a password"	'R'
PasswordSpecChar	Indicates whether ASCII special characters are: "Allowed in a password" "Not allowed in a password" "Required in a password" You can place tight restrictions on passwords to require a special combination in the password. For values, see Allowable Values.	'R' or 'r', which implies no username, alpha-numeric, upper-lower, and special characters are part of the password.
PasswordRestrictWords	Determines whether passwords are rejected if they contain words in the Restricted Words list. New words can be added or deleted from the PasswordRestrictions table: INSERT into PasswordRestrictions values ('newrestrictedword'); DELETE from PasswordRestrictions WHERE (RestrictedWords='wordtobedeleted';	'Y', which restricts use of words in PasswordRestrictions table. See Allowable Values.

For format control recommendations, see Password Control Recommendations.