The Benefits of Moving to QPWDLVL 2 Then 3 – Moving to a Higher Password Level
What I’d prefer, however, is that you consider moving to an even higher level, with password level 4 being your ultimate goal. First, the benefits of moving to password level 2 or 3:
- Moving the system to one of these levels enables passwords that can be up to 128 characters and can contain any value—uppercase and lowercase letters, numerals, punctuation, spaces, and any special characters. This increases the password character set tremendously and reduces the chances of having the password guessed (assuming appropriate composition rules are applied) and increases the time required to perform a brute-force attack.
- If you need to, you can keep the maximum length of a password at 10, but even by doing that, because of the greatly increased character set that the password can contain, you’ve made it much harder for people to guess a password.
- Password level 2 or 3 also makes the QPWDRULES system value more usable. When using QPWDRULES, you put all of your password composition rules in this one system value (min length, max length, etc. rather than using the individual QPWDMINLEN, for example). Then, I suggest you add the value of *REQANY3 – require any 3, so now users must specify three of the following four in their password: an uppercase letter, a lowercase letter, a digit, or a special character.
- Password level 2 or 3 usually makes it easier for the IBM i passwords to have the same requirements as the network password.
- Users will not have to change their password right away unless you force them to. They can use their existing password even after the system moves to password level 2 or 3.