How it works and how to configure password policy

Password strength defines the composition of the passwords that senhasegura® generates randomly and automatically when recycling passwords. The system administrator can create several password strength settings, based primarily on the password policies of the target devices.

Passwords can contain a maximum of 256 characters. If the password strength setting does not allow duplicate characters, the maximum is 70.

Through the PAM ➔ Settings ➔ Credentials ➔ Password strength menu, you can view the configured strengths and create new ones.

By default, the system already has 3 registered strength settings, but only the High strength setting will be used. We will see the Credential Policy setting in use.

You can register new strengths through the form accessible via the New password strength report action.

The form allows you to configure the composition in the following aspects: how many lowercase and uppercase characters will be used, as well as how many numbers and special symbols.

The available special characters are presented as checkboxes for selection.

You can also determine whether character repetition is allowed. Remember that if your password uses more than 26 characters, more than ten numbers or more than 8 special characters, repetition is inevitable.

As additional security, senhasegura® always validates that the username is not present in the generated password. Let’s see some examples:

A weak password of a legacy system that uses only 5 numeric characters in its passwords.

A password from a system that allows 40 characters in its password, varying between numbers, letters and symbols.


A password from a system that allows a password of 145 characters. In this case, repetition is inevitable.

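
The rules described above (per-class counts, the 256-character limit, the no-repetition ceiling and the username check), as an added Python sketch that is not senhasegura® code. The Strength class, the generate function, the 8-symbol set and the case-insensitive username comparison are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass

MAX_LENGTH = 256  # overall limit stated on this page


@dataclass
class Strength:  # hypothetical model of one password strength setting
    lower: int
    upper: int
    digits: int
    symbols: int
    symbol_set: str = "!@#$%&*?"  # assumed set of 8 selectable symbols
    allow_repeat: bool = True


def generate(policy: Strength, username: str, attempts: int = 100) -> str:
    classes = [
        (string.ascii_lowercase, policy.lower),
        (string.ascii_uppercase, policy.upper),
        (string.digits, policy.digits),
        (policy.symbol_set, policy.symbols),
    ]
    if sum(n for _, n in classes) > MAX_LENGTH:
        raise ValueError("password would exceed 256 characters")
    if not policy.allow_repeat:
        # Without repetition each class is capped by its alphabet size:
        # 26 + 26 + 10 + 8 = 70 characters at most.
        for alphabet, n in classes:
            if n > len(alphabet):
                raise ValueError(f"{n} unique characters from a set of {len(alphabet)}")
    rng = secrets.SystemRandom()  # CSPRNG-backed, unlike the random module default
    for _ in range(attempts):
        chars = []
        for alphabet, n in classes:
            if policy.allow_repeat:
                chars += [secrets.choice(alphabet) for _ in range(n)]
            else:
                chars += rng.sample(alphabet, n)
        rng.shuffle(chars)  # avoid a predictable class order
        candidate = "".join(chars)
        # Assumption: the username check is case-insensitive.
        if not username or username.lower() not in candidate.lower():
            return candidate
    raise RuntimeError("policy cannot avoid the username")
```

Strength(0, 0, 5, 0) models the legacy 5-digit case, and a 145-character request with allow_repeat=False is rejected before any password is drawn.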