Configure Splunk password policies
Use the Password Policy Management page in Splunk Web to create a password policy for your users. Password policies set standards and minimum requirements for complexity.
This task applies to Splunk Enterprise native authentication and does not apply to SAML or LDAP passwords.
- In Splunk Web, click Settings > Access Controls > Password Policy Management.
- In the Minimum characters field, specify the minimum number of characters to require for user passwords. The maximum number of characters Splunk software supports is 256. The default value is 8.
- In the Numeral field, specify the number of digits to require for user passwords. A best practice is to require at least one number and to not allow passwords that are all numbers. The default is 0.
- In the Lowercase field, specify the number of lowercase letters to require for user passwords. A best practice is to require at least one lowercase letter. The default is 0.
- In the Uppercase field, specify the number of uppercase letters to require for user passwords. A best practice is to require at least one uppercase letter. The default is 0.
- In the Special character field, specify the number of special characters to require for user passwords. A best practice is to require at least one special character. A user can create a password with any printable ASCII characters. The default is 0.
- Check Force existing users to change weak passwords to make existing users upgrade passwords to meet the requirements specified on this page.
- Enable Expiration to force a user to change their password after the specified period of time.
- In the Days until password expires field, specify the number of days until the user must change their password.
- In the Expiration alert in days field, specify the number of days before expiration that warnings appear.
- Enable Lockout to lock a user out of the system after a certain number of failed login attempts.
- In the Failed login attempts field, specify how many failed login attempts a user can make before they are locked out. The default is 5.
- In the Lockout threshold in minutes field, specify the number of minutes from the first failed login until the failed login attempt counter resets.
- In the Lockout duration in minutes field, specify how many minutes the user must wait before they can attempt to log in again. The default value is 30 minutes.
- Enable History to prevent users from reusing previous passwords. Note that if you disable this value and enable it later, previously saved password history is preserved. Delete $SPLUNK_HOME/etc/opasswd to remove the password history.
- In the Password History Count field, specify the number of previous passwords that may not be reused. The default is 24.
- Click Save.
Your new password requirements are applied to the Set Password field in the Create User page.
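The following script is an added example, not part of the Splunk documentation: it checks the [splunk_auth] stanza of an authentication.conf file against the limits and best practices listed in the steps above. The setting names are the authentication.conf counterparts of the Splunk Web fields and do not appear on this page, and the sample configuration is constructed.

```python
import configparser

# Defaults this page states for the Splunk Web fields. The key names are the
# [splunk_auth] settings in authentication.conf (they do not appear on this page).
PAGE_DEFAULTS = {"minPasswordLength": 8, "minPasswordDigit": 0,
                 "minPasswordLowercase": 0, "minPasswordUppercase": 0,
                 "minPasswordSpecial": 0}
CHAR_CLASSES = ("minPasswordDigit", "minPasswordLowercase",
                "minPasswordUppercase", "minPasswordSpecial")
TOGGLES = ("forceWeakPasswordChange", "expireUserAccounts",
           "lockoutUsers", "enablePasswordHistory")

# Constructed sample, not taken from a real deployment.
SAMPLE_CONF = """
[splunk_auth]
minPasswordLength = 12
minPasswordDigit = 1
minPasswordLowercase = 1
minPasswordUppercase = 0
lockoutUsers = true
enablePasswordHistory = false
"""

def audit_policy(conf_text):
    """Return findings for the [splunk_auth] stanza of one authentication.conf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep setting names case-sensitive
    parser.read_string(conf_text)
    stanza = dict(parser["splunk_auth"]) if parser.has_section("splunk_auth") else {}
    findings, values = [], {}
    for key, default in PAGE_DEFAULTS.items():
        try:
            values[key] = int(stanza.get(key, default))
        except ValueError:
            findings.append(f"{key}: not an integer ({stanza[key]!r})")
            values[key] = default
    if values["minPasswordLength"] > 256:
        findings.append("minPasswordLength: above the supported maximum of 256")
    elif values["minPasswordLength"] < 8:
        findings.append("minPasswordLength: below the default of 8")
    for key in CHAR_CLASSES:
        if values[key] < 1:
            findings.append(f"{key}: {values[key]}, best practice is at least 1")
    for key in TOGGLES:  # anything other than 1/true is reported for a manual look
        if key not in stanza:
            findings.append(f"{key}: not set in this file")
        elif stanza[key].strip().lower() not in ("1", "true"):
            findings.append(f"{key}: not enabled")
    return findings
```

The function checks the text of a single file. Splunk layers configuration files, so pass it the merged output of splunk btool authentication list splunk_auth to check the policy that is actually in effect.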
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1