Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Access Appliance
  4. Managing the password policy using the UI
NetBackup and NetBackup Appliances Hardening Guide

Managing the password policy using the UI

You can customize the password policies by setting rules for the passwords that are used by the Access Appliance local users. You can set rules for password complexity, password age, and password lockout. Password complexity specifies the number and type of characters a password must include. Password age defines the duration for which the password is valid. Password lockout specifies the number of failed attempts because of incorrect usage of passwords after which a user is prevented from logging in to the account.

The default password policy for a local user is as follows:

Password complexity:

  • Minimum characters: 8

  • Minimum numbers: 1

  • Minimum lowercase characters: 1

  • Minimum uppercase characters: 1

  • Minimum special characters: 1

To change the password policy:

  1. Log in to the web interface of a configured Access Appliance cluster by opening a supported browser and typing:

    http://console-ip:14161

    where console-ip is the management console IP address where the web interface is hosted.

  2. In the left navigation pane, click Settings and then click User management.
  3. Click Manage password policy.
  4. On the Manage password policy page, click Edit.
  5. If you want your password policy to comply with STIG, select Reset to STIG default values to fill in the default values for all the parameters.

    Selecting this option enforces a higher security password policy.

  6. Edit the parameters as required. To ignore a rule, leave the corresponding parameter blank. After making the changes click Save.

Table:

Parameter

Description

Minimum characters

Minimum number of characters to include in a password

Minimum uppercase characters

Minimum number of uppercase characters to include in a password

Maximum repetitive characters of the same class

Maximum number of consecutive uppercase, lowercase, numeric, and special characters

Minimum numbers

Minimum number of numeric characters

Minimum special characters

Minimum number of special characters in a password

Minimum character classes

Minimum character classes to include in a password. Character classes include uppercase, lowercase, numeric, and special characters.

Minimum lowercase characters

Minimum number of lowercase characters

Maximum repetitive characters

Maximum number of characters that can be repeated in a password.

Character difference with old password

Number of characters the new password must differ by from the previous password

Days after which password can be changed

Number of days after which a password can be changed

Days after which password must be changed

Number of days after which a password must be changed

Days before warning message

Number of days before the password expires to display a warning

Minimum different passwords before allowing reuse

Number of unique passwords before a previous password can be reused

Number of incorrect login attempts before lockout

Number of failed login attempts after which the account gets locked

From version 8.2, when you enable STIG or set the password policy, the SSH session is terminated each time you enter an incorrect password. You must open a new SSH session to log on. Previously, the SSH session was terminated only after the total number of failed attempts was reached.

Time before locked account is reenabled

Duration in seconds the account remains locked

Time between login failures before account lockout

Number of seconds between consecutive failed login attempts

To change the maintenance user password

  1. Login to GUI with maintenance user credentials.
  2. Select the Change password option.
  3. Enter the new password. Click Save.

To modify the password policy irrespective of the STIG setting

  1. Login to GUI with appliance administrator credentials.
  2. Navigate to Settings > User Management. Select Manage password policy.
  3. Edit the settings and click Save.

    If you do not want a password expiry date, edit the Days after which password must be changed field and leave it empty. Click Save to save your changes.

Feedback

Was this page helpful?
Previous

Managing the banner from the command-line interface

Next

Managing the password policy from the command-line interface

Feedback

Was this page helpful?