Password level

This system value allows you to set a specific password environment where all user profile passwords can have the same length specification.

You can set the password level to allow shorter passwords of 1-10 characters or longer passwords of 1-128 characters. The password level can also be set to allow a passphrase as the password value. A passphrase is a password value that can be very long and has few, if any, restrictions on the characters used. You can create passphrases that contain blanks between letters, which allows you to use a sentence or sentence fragment as a password value. The only restrictions on a passphrase are that it cannot start with an asterisk ('*') and that trailing blanks are removed.

See Quick reference table for an overview of the password level system value.

Table 1. Possible values for the password level system value
iSeries™ Navigator | Character-based interface | Description
Short passwords using a limited character set. (0) | 0 | Password level 0 supports passwords that contain 1-10 alphanumeric characters as well as $, @, #, and _. Use password level 0 if your system communicates with other servers in a network and those servers either use password level 0 passwords or run on pre-V5R1 versions of the operating system.
Short passwords using a limited character set. Disable NetServer™ passwords for Windows® 95/98/ME clients. (1) | 1 | Password level 1 supports the same character set as password level 0, but provides improved security because it removes all NetServer¹ passwords from the system. If you require iSeries NetServer, set your password level to 0 or 2 instead.
Long passwords using an unlimited character set. (2) | 2 | Password level 2 supports passwords that contain 1-128 characters and are case sensitive. You can use password level 2 if your system communicates with iSeries NetServer and all user passwords are 1-14 characters long. However, do not use password level 2 if your system communicates with other systems that use password level 0 or 1 passwords or run on pre-V5R1 versions of the operating system.
Long passwords using an unlimited character set. Disable iSeries NetServer passwords for Windows 95/98/ME clients. (3) | 3 | Password level 3 supports passwords that contain 1-128 characters and are case sensitive. You cannot use this level when your system communicates with:
  • Other systems in a network and those systems are running with either a password level of 0 or 1
  • Systems that are running an operating system release earlier than V5R1M0 of OS/400®.
  • Any other system that limits the length of passwords from 1-10 characters.
  • The iSeries Support for Windows Network Neighborhood (iSeries NetServer)¹ product.
  • PCs that are using versions of iSeries Access that are V5R1 or earlier of OS/400.
  ¹ The NetServer product for Windows 95/98/ME will not connect to the system when the password level is set to 1 or 3. NetServer passwords are removed from the system at these password levels because of security concerns with the weak encryption used for NetServer passwords. The passwords are easy to decode.

Relationship to security policy

These options provide flexibility in password security based on your security environment. Shorter passwords are easier for users to manage, since there is less chance of misspelling or forgetting password sequences; however, shorter passwords with specific password rules can be guessed by a potential hacker. Longer, more involved passwords or passphrases are harder to guess, but can frustrate users and make password management more difficult. For strict security environments, you may want to require passwords that are longer, but provide suggestions that help users remember these passwords. Suggest that users create passphrases that are based on something personal that they can remember easily.

For security environments that have less strict requirements, you can choose a password level that allows for shorter passwords and provide specific rules of password conduct. Whatever password level you choose, provide examples of valid password values and suggestions for formulating original passwords and passphrases. Stress that the passwords provided in your security policy are merely examples and should never be used for actual password values.

Table 2. Quick Reference. Provides details for the password level system value.
iSeries Navigator name: Password level (at next restart)
Character-based interface name: QPWDLVL
Authority:
  • All object access (*ALLOBJ)
  • Security administrator (*SECADM)
  Note: The Security Officer (QSECOFR) user profile is shipped with these authorities.
How to access:
  iSeries Navigator
    1. Expand Security > Policies.
    2. Right-click Password Policy and select Properties.
    3. On the General page, you will find the options for password level.
  Character-based interface
    1. In the character-based interface, type WRKSYSVAL QPWDLVL.
Changes take effect: At next restart
Default value: Short passwords using a limited character set (0)
Recommended value: See Special Considerations
Lockable: Yes
Special considerations

Changing password levels

You cannot change password level 3 to 0 or 1. Since all passwords used at password level 0 or 1 are removed from the system when you change to password level 3, you must first change the password level from 3 to 2 and then to 1 or 0.

At password level 2, you must change all user profile passwords to comply with the character length specified for password level 0 or 1 (10 or fewer characters) prior to changing to password level 1 or 0. Otherwise, users will not be able to sign on to your system.

After changing these passwords, you can verify the user profiles to ensure that their passwords comply with the password level to which you are changing. See the online help for Password level for instructions.
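The level rules and the change restriction described above, as an added Python example that is not IBM code: it checks sample values (for instance, the example values in your security policy) against a password level and returns the order in which to set QPWDLVL. The function names are hypothetical, the sample values are constructed, and only the rules stated on this page are modeled.

```python
import re

# Level 0/1 rule as stated on this page: 1-10 characters drawn from
# alphanumerics plus $, @, # and _. Other rules a system may enforce
# (password composition system values) are not modeled.
SHORT_FORM = re.compile(r"[A-Za-z0-9$@#_]{1,10}")
LEVELS = (0, 1, 2, 3)

def stored_form(value, level):
    """Value as kept at this level: levels 2 and 3 drop trailing blanks."""
    return value.rstrip(" ") if level in (2, 3) else value

def complies(value, level):
    """True if value meets the page's length and character rules for level."""
    if level not in LEVELS:
        raise ValueError(f"unknown password level: {level}")
    v = stored_form(value, level)
    if level in (0, 1):
        return SHORT_FORM.fullmatch(v) is not None
    return 1 <= len(v) <= 128 and not v.startswith("*")

def change_path(current, target):
    """QPWDLVL values to set in order; each step needs a restart.

    Only the restriction stated on this page is modeled: level 3 cannot
    go straight to 0 or 1 and must pass through level 2.
    """
    if current not in LEVELS or target not in LEVELS:
        raise ValueError("password level must be 0, 1, 2 or 3")
    if current == target:
        return []
    if current == 3 and target in (0, 1):
        return [2, target]
    return [target]

def non_compliant(values, level):
    """Values from a list that would be rejected at the given level."""
    return [v for v in values if not complies(v, level)]

if __name__ == "__main__":
    # Constructed sample values for a policy document, not real passwords.
    samples = ["PAY_ROLL#1", "my dog ate 3 shoes ", "*starred", "ABCDEFGHIJK"]
    for target in (0, 3):
        print("3 ->", target, "set QPWDLVL to", change_path(3, target))
        print("  rejected at level", target, ":", non_compliant(samples, target))
```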

For detailed considerations and for changing password level, see the section about planning password level changes in Security Reference.

For more in-depth information about this security value, see Chapter 3, "Security System Values" in Security Reference.