Set password rules

Follow these steps to secure your system signon.

You need to do this first.

Set a policy that states that passwords must not be trivial and must not be shared.
Set system values to help you with enforcement. Table 1 shows recommended system value settings.

The combination of values in table is fairly restrictive and is intended to significantly reduce the likelihood of trivial passwords. However, your users may find it difficult and frustrating to select a password that meets these restrictions.

Consider providing users with the following:

A list of the criteria for passwords.
Examples of passwords that are and are not valid.
Suggestions for how to think of a good password.

Use the Print System Security Attributes (PRTSYSSECA) command to print your current settings for these system values.

Table 1. System values for passwords
System value name	Description	Recommended value
QPWDEXPITV	How often the system users must change their passwords. You can specify a different value for individual users in the user profile.	60 (days)
QPWDLMTAJC	Whether the system prevents adjacent characters that are the same.	1 (yes)
QPWDLMTCHR	What characters may not be used in passwords.	AEIOU#$@
QPWDLMTREP	Whether the system prevents the same character from appearing more than once in the password.	2 (not allowed consecutively)
QPWDLVL	Whether user profile passwords are limited to 10 characters or a maximum of 128.	0²
QPWDMAXLEN	The maximum number of characters in a password.	8
QPWDMINLEN	The minimum number of characters in a password.	6
QPWDPOSDIF	Whether each character in a password must be different from the character in the same position on the previous password.	1 (yes)
QPWDRQDDGT	Whether the password must have at least one numeric character.	1 (yes)
QPWDRQDDIF	How long a user must wait before using the same password again.	5 or less (expiration intervals)¹
QPWDVLDPGM	What exit program is called to validate a newly assigned password.	*NONE
Note: The QPWDEXPITV system value specifies how often you must change your password, such as every 60 days. This is the expiration interval. The QPWDRQDDIF system value specifies the number of time a user must change their password before then can use their original password again. QPWDLMTCHR is not enforced at password levels 2 or 3.