Defining a password policy
To better secure access to the FortiEDR system, you can define a password policy that enforces basic rules for all user passwords, including the default password you create for each user and the passwords of existing users created before the password policy was defined. All existing users with a password that does not comply with the new password policy will be prompted to change the password at their next login.
To define a password policy:
- Click the Password Policy button.
- Fill in the displayed window. The requirements you define will be applied to all new and existing users.
| Option | Description |
| --- | --- |
| Minimum password length | Specify the minimum number of characters the password must include. |
| Brute-force protection | Specify whether to block user login after five failed login attempts in the Manager console or REST API. Blocked users will not be able to log in before an administrator resets the password in the Administration -> Users tab. |
| Require 2FA | Require all users to use two-factor authentication. You can further configure the 2FA prompt frequency to be one of the following: Always (the user has to re-authenticate for each login), Daily (the user has to re-authenticate every 24 hours), or Weekly (the user has to re-authenticate every 7 days). This option enforces 2FA on all users. To require only specific users to use 2FA, leave this option empty and enable the 2FA option for specific users, as described in Users. |
| Require a combination of at least three of the following character types | Require all passwords to include at least three of the following character types: uppercase letters, lowercase letters, digits, symbols. |
- Click Save.
After you save the password policy, all new users must follow it. Existing users with a password that does not comply with the new password policy will be prompted to change the password at their next login.
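The rules in the table can be checked offline, for example to vet the default passwords you plan to assign to new users or to reason about when a 2FA prompt is due. This is an added example, not Fortinet code and not a FortiEDR API; the function names, the treatment of "symbols" as ASCII punctuation, and the exact boundary of the 2FA intervals are assumptions.

```python
import string
from datetime import timedelta

# Assumption: "symbols" means ASCII punctuation; the page does not define the set.
CHAR_TYPES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digits": set(string.digits),
    "symbols": set(string.punctuation),
}

# Re-authentication interval for each 2FA prompt frequency listed on the page.
TWO_FA_INTERVAL = {
    "Always": timedelta(0),
    "Daily": timedelta(hours=24),
    "Weekly": timedelta(days=7),
}


def check_password(password, min_length, require_three_types=True):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if require_three_types:
        present = [name for name, chars in CHAR_TYPES.items()
                   if any(c in chars for c in password)]
        if len(present) < 3:
            missing = [name for name in CHAR_TYPES if name not in present]
            problems.append(f"only {len(present)} of 4 character types; "
                            f"missing: {', '.join(missing)}")
    return problems


def two_fa_due(frequency, last_2fa, now):
    """True if the user must complete 2FA again at this login."""
    if last_2fa is None:  # never completed 2FA before
        return True
    return now - last_2fa >= TWO_FA_INTERVAL[frequency]


if __name__ == "__main__":
    # Constructed sample passwords, checked with a minimum length of 10.
    for candidate in ("Summer2024", "correct-horse-battery", "Tr1ck!"):
        issues = check_password(candidate, min_length=10)
        print(f"{candidate!r}: {'; '.join(issues) or 'compliant'}")
```

A long passphrase built from lowercase words and hyphens fails the three-types rule, while a short word-plus-year password passes it, so choose the minimum length with that in mind.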