Solved

Impact of changing the Password complexity level

  • 17 January 2023
  • 5 replies
  • 996 views

Userlevel 2
Badge +8

Dear all,

our Health Report recommends to change the Password Complexity Level from 2 to 3. Once changed, will there be any impact on the current operations in the sense that any job will stop working due to a non-satisfactory password? Is there any way to know which users will be impacted?

 

Sorry if this question sounds a bit dummy

Have a nice day

Gaetano

icon

Best answer by Sean Crifasi 17 January 2023, 16:52

View original

5 replies

Userlevel 4
Badge +9

Hi @Gaetano,

I did a quick test in my lab this morning to confirm for you. In summary, increasing the complexity only impacts new password changes or new account creations not existing users passwords (which is a good thing in my opinion!).

For clarification up front, password complexity level 2 is default even if the setting isn’t in place.

  • I created a new user with a password meeting complexity for level 2 (at least eight characters, one uppercase letter, one lowercase letter, one number, and one special character.)
  • Gave the user some basic permissions and confirmed logon is fine
  • Now I set the complexity to 3 and cycled the Commserve services as required
  • I confirmed my test account logon is still successful with no change
  • However If I want to change the password now I can’t use something similar to before I have to meet the new complexity requirement 
  • Complexity level 3 (minimum of twelve characters. It must be a combination of at least two uppercase letters, two lowercase letters, two numbers, and two special characters.)
  • Same was true for attempting to create a new account now

 

Let me know if you have any additional questions regarding this!

Kind Regards,
Sean

Userlevel 2
Badge +8

Hi @Gaetano,

I did a quick test in my lab this morning to confirm for you. In summary, increasing the complexity only impacts new password changes or new account creations not existing users passwords (which is a good thing in my opinion!).

For clarification up front, password complexity level 2 is default even if the setting isn’t in place.

  • I created a new user with a password meeting complexity for level 2 (at least eight characters, one uppercase letter, one lowercase letter, one number, and one special character.)
  • Gave the user some basic permissions and confirmed logon is fine
  • Now I set the complexity to 3 and cycled the Commserve services as required
  • I confirmed my test account logon is still successful with no change
  • However If I want to change the password now I can’t use something similar to before I have to meet the new complexity requirement 
  • Complexity level 3 (minimum of twelve characters. It must be a combination of at least two uppercase letters, two lowercase letters, two numbers, and two special characters.)
  • Same was true for attempting to create a new account now

 

Let me know if you have any additional questions regarding this!

Kind Regards,
Sean

Hi @Sean Crifasi ,

thank you so much for your detailed explanation and for the test, it is exactly what I needed to make the recommended change with confidence.

Have a nice day!

Gaetano

Badge

Hi, 

 

I was to setup password complexity level 3 for my Commvault environment. can anyone suggest where from it can be done? 

 

Thanks & Regards

Sanjay Kumar

 

Userlevel 4
Badge +9

@Sanjay Kumar 

please see the below doc
https://documentation.commvault.com/2022e/expert/8091_setting_strength_requirements_for_user_passwords.html

Badge

Thank you so much!  @Sean Crifasi 

Reply