Privileged access password policy

You can use Bravura Security Fabric to create credentials on target systems when managing them. The default privilegd access password policy is used for this and can be modified at Manage the system > Policies > Password policies > PAM_DEFAULT. This password policy is also used when creating a new managed system policy, which can be modified individually.

The default password policy uses some heuristics to make passwords "easy-to-pronounce, easier to remember". In an implementation of Bravura Privilege , where thousands of passwords can be generated and a higher degree of entropy is required, additional strength rules are recommended.

The simplest way around the default "easy to pronounce" heuristics and to increase the entropy of generated passwords is to use white lists at the bottom of the policy, which fit the rules a specific policy requires. For example, for the password to contain at least five uppercase letters, the whitelisted characters would be all the alphabet letters, from A to Z. The same is true for lowercase letters, numbers, and symbols. Spelling out the possible characters used in a password is also a good way to be sure you control which characters are allowed in a password, which is important for many target systems types that reduce the allowable character set.

When whitelists are used, the minimum number of characters in a password should match the total of the whitelist rule counts, and the Maximum number should also be set (its maximum value is 150).