Secure system access levels

To help you implement the required level of security for your company, you may wish to restrict system access by using the password system values. A company can control the level of security by setting the password system values requiredly.

For example, if your company has recently added an iSeries™ that runs highly confidential financial applications, you should probably reassess your company's system security policy. In general, your company follows a moderately strict security policy. So, rather than completely rewriting the policy, you decide to restrict signon access to the new Finance system by tightening the password rules.

To secure entry into the Finance system, you must do the following:

Set a policy that states that passwords must not be trivial and must not be shared.
Set system values to help you enforce the new policy. (See Table 1.)

In addition, you may also want to provide users with this information:

A list of the criteria for passwords.
Examples of passwords that are and are not valid. (See Table 2.)
Suggestions for how to think of a good password.

The following table lists the recommended password system value settings to implement your new password requirements (These values can be changed depending on how strict you want to control signon access.):

Table 1. System value settings
Name in iSeries Navigator	Recommended value	Name in character-based interface

Password expiration	60 days	QPWDEXPITV

Restrict consecutive digits	Yes	QPWDLMTAJC

Password level	3 (See note 1.)	QPWDLVL

Maximum password length	8 characters	QPWDMAXLEN

Minimum password length	6 characters	QPWDMINLEN

Require a new character in each position	Yes	QPWDPOSDIF

Require at least one digit	Yes	QPWDRQDDGT

Password reuse cycle	10 passwords	QPWDRQDDIF

Password validation program	None (See note 2.)	QPWDVLDPGM

Restrict repeating characters	Characters may not be used consecutively	QPWDLMTREP

Restricted characters	A,E,I,O,U,@,#, and $	QPWDLMTCHR

Notes:

You may not be able to use password level 3 (Long passwords using an unlimited character set. Disable iSeries NetServer™ on Windows^® 95/98/ME clients.) if you need to connect to or from an iSeries server at V5R1 or earlier or a server that does not support long passwords.
To change this system value, you must use the character-based interface. It is not in iSeries Navigator. Open a character-based interface and type
```
CHGSYSVAL VALUE(QPWDVLDPGM) VALUE('*NONE')
```

The following table provides examples of good and bad passwords:

Table 2. Example passwords
Password	Details
JohnDoe	Bad. Do not use a name. Also, no digits are used.
112000	Bad. Do not use a date that can be identified with you.
aaaxyz	Bad. Uses more than 2 consecutive characters and uses a character that is not allowed (a). Also, no digit is used.
cm2s0j	Good. Meets all the criteria for a good password.
c0mptr	Good. Meets all the criteria for a good password.
Mfc1RB	Good. Meets all the criteria for a good password. The stategy for this password uses the first letter of each word in a sentence, 'My favorite color is Royal Blue.' It also replaces the vowel with a number and uses a combination of upper and lower case characters.

By completing these steps, you have tightened signon access to the finance system by changing the password system values. You can alter the values for each of the password system values to meet the security level for your company. This example has provided one way that the password system values can work together to produce a moderately strict environment.

To learn more about these and other system values you can view and change in iSeries Navigator, see the following:

Password overview: Describes all password system values. In addition, you will find links to specific password articles that describe the different settings for each system value.
i5/OS™ system value finder: Use this tool to find system values in iSeries Navigator. The i5/OS system value finder can be particularly helpful if you are trying to make the switch from the system value terms that were used in the character-based interface to the terms that are now used in iSeries Navigator.
System values categories: Find an introduction to all the categories of system values found in iSeries Navigator.