
Resource Access Management: Configure a password policy for RAM users

Last Updated: Sep 18, 2024

This topic describes how to configure a password policy for the Resource Access Management (RAM) users of your Alibaba Cloud account. You can specify password complexity requirements, including the password length, validity period, and password history check. The password policy takes effect on all RAM users of your Alibaba Cloud account.

Background information

Your password is hashed by using Secure Hash Algorithm 256 (SHA-256) with a salt value. Alibaba Cloud does not save your password in plaintext. This ensures password security.

Procedure

  1. Log on to the RAM console as a RAM user who has administrative rights.

  2. In the Password section of the Settings page, click Modify. In the panel that appears, configure the password policy parameters. The following table describes the parameters.


    | Parameter | Description |
    | --- | --- |
    | Length | Specify the minimum length for a password. Valid values: 8 to 32. Note: To ensure account security, we recommend that you set this parameter to a value greater than or equal to 8. |
    | Charset | Select the types of elements that must be included in a password. Valid values: Lower case, Upper case, Number, and Symbol. Note: To ensure account security, we recommend that you select at least three types of elements. |
    | Different Characters | Specify whether to limit the number of different characters in a password. If you select Enable, you must enter a number to specify the number of different characters in a password. Maximum value: 8. |
    | Do Not Contain Username | Specify whether a password can contain the username. If you select Enable, a password cannot contain the username. |
    | Max Age | Specify whether a password has a validity period. If you select Enable, you must enter a number to specify the validity period. Unit: days. Maximum value: 1095. Notes: To ensure account security, we recommend that you set this parameter to a value less than or equal to 90. If you reset a password, the password validity period restarts. |
    | Disable Login After Password Expired | Specify whether a password can be used for console logon after the validity period of the password elapses. If you select Enable, a RAM user cannot use the password to log on to the console after the password validity period elapses. In this case, a RAM user who has administrative rights must reset the password before the RAM user can log on to the console. |
    | Do Not Repeat History | Specify whether a previous password can be reused. If you select Enable, you must enter a number N to prevent the most recent N previous passwords from being reused. Maximum value: 24. |
    | Max Attempts | Specify whether to limit password retries. If you select Enable, you must enter a number to specify the maximum number of password retries within 1 hour. If invalid passwords are entered the specified number of times, the RAM user is locked for 1 hour. Maximum value: 32. Notes: To ensure account security, we recommend that you set this parameter to a value less than or equal to 5. After you reset a password, the number of password retries is reset to zero. |

  3. Click OK.
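
The following Python check is an added example, not Alibaba Cloud code: it audits a password policy against the valid ranges and recommendations listed in the parameter table above. The dict layout, the use of None for a parameter whose Enable option is not selected, and the INVALID/WEAK labels are assumptions of this example.

```python
# Added example: audit a RAM password policy against the table's valid ranges
# and recommendations. The dict layout is an assumption of this example; the
# keys are the console parameter names, and None means "Enable" is not selected.

# Valid (min, max) per numeric parameter; None = bound not stated on the page.
LIMITS = {
    "Length": (8, 32),
    "Different Characters": (None, 8),
    "Max Age": (None, 1095),
    "Do Not Repeat History": (None, 24),
    "Max Attempts": (None, 32),
}
# Recommended upper bounds taken from the Notes in the table.
RECOMMENDED_MAX = {"Max Age": 90, "Max Attempts": 5}
CHARSET_TYPES = {"Lower case", "Upper case", "Number", "Symbol"}
RECOMMENDED_CHARSET_TYPES = 3


def audit(policy):
    """Return a list of (severity, parameter, message) findings."""
    findings = []
    for name, (low, high) in LIMITS.items():
        value = policy.get(name)
        rec = RECOMMENDED_MAX.get(name)
        if value is None:
            if name == "Length":
                findings.append(("INVALID", name, "a minimum length is required"))
            elif rec is not None:
                # Assumption: a disabled limit cannot meet a "<= N" recommendation.
                findings.append(("WEAK", name, f"not enabled; recommended <= {rec}"))
        elif (low is not None and value < low) or value > high:
            findings.append(("INVALID", name, f"{value} is outside the valid range"))
        elif rec is not None and value > rec:
            findings.append(("WEAK", name, f"{value} exceeds recommended {rec}"))
    selected = set(policy.get("Charset", ()))
    unknown = selected - CHARSET_TYPES
    if unknown:
        findings.append(("INVALID", "Charset", f"unknown types: {sorted(unknown)}"))
    elif len(selected) < RECOMMENDED_CHARSET_TYPES:
        findings.append(("WEAK", "Charset", f"{len(selected)} types; recommended >= 3"))
    return findings


if __name__ == "__main__":
    # Constructed sample policy, not taken from a real account.
    sample = {"Length": 8, "Charset": ["Lower case", "Number"], "Max Age": 365,
              "Do Not Repeat History": 30, "Max Attempts": None}
    for severity, name, message in audit(sample):
        print(f"{severity:8}{name}: {message}")
```

The boolean parameters (Do Not Contain Username, Disable Login After Password Expired) are not checked because the table gives no recommendation for them.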