Jira password policy
Overview
The JIRA password policy enables JIRA Administrators to set limits and restrictions on the types of passwords their users can create. You can use this feature to create a more secure JIRA system for your company.
Note: The JIRA password policy is disabled by default. To turn it on and configure it, follow the instructions below. Also, this policy is only useful when JIRA users can change their own passwords. If JIRA is connected to an Active Directory, this policy should not be used.
Enabling the password policy
- Log in as a user with the JIRA Administrators global permission.
- Choose the cog icon > System. Next, select Password Policy on the left.
  Keyboard shortcut: g + g + start typing password
- Select one of the following options:
  - Disabled – The equivalent of having no password policy.
  - Basic – Requires passwords to be at least 8 characters long and use at least 2 character types. Rejects passwords that are very similar to the previous password or the user's public information.
  - Secure – Requires passwords to be at least 10 characters long and use at least 3 character types including at least 1 special character. Rejects passwords that are even slightly similar to the previous password or the user's public information.
  - Custom – Lets you use your own settings.
- Configure the following fields:
  - Password Length – Set a minimum and maximum length for your passwords.
    Currently, you must set a maximum length if you enable the password policy and the maximum value allowed is 255.
  - Character Variety – Use these fields to set requirements around the types of characters – uppercase letters, lowercase letters, special characters, and so on – that are required.
  - Similarity Checks – See the section below for details on this feature.
- Click the Update button at the bottom of the screen when you are ready.
Similarity Checks
This is a system check to make sure that your users aren't creating a new password that is too similar to the current password, the user's name or email address. It can be set to Ignored, Lenient, or Strict.
What is the difference between lenient and strict?
- Lenient checks for obvious similarities, like reversing the username or moving the front letter to the end.
- Strict checks for more subtle variations, like mixing up the letters or adding just one new character. It also performs a character frequency analysis.
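The length, character variety and similarity rules described above, sketched as an added Python example (not Atlassian's code; this page does not give Jira's actual algorithm). The function names, the Basic-to-lenient and Secure-to-strict mapping, and the strict approximation (reordered letters or one edit away, with no separate frequency analysis) are assumptions.

```python
# Added example: approximates the checks described on this page; not Jira's code.
# Presets: (min length, min character types, min special chars, strict similarity).
# Mapping Basic -> lenient and Secure -> strict is an assumption.
PRESETS = {"basic": (8, 2, 0, False), "secure": (10, 3, 1, True)}
MAX_LEN = 255  # maximum value the page says the policy allows

def variety(pw):
    """Return (number of character types used, number of special characters)."""
    specials = sum(1 for c in pw if not c.isalnum())
    types = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
             any(c.isdigit() for c in pw), specials > 0]
    return sum(types), specials

def one_edit_apart(a, b):
    """True if a and b differ by at most one inserted, deleted or changed char."""
    if len(a) > len(b):
        a, b = b, a
    if len(b) - len(a) > 1:
        return False
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def too_similar(pw, ref, strict):
    p, r = pw.lower(), ref.lower()
    if not r:
        return False
    # Lenient: identical, reversed, or front letter moved to the end.
    if p in (r, r[::-1], r[1:] + r[:1]):
        return True
    # Strict (approximation): letters mixed up, or just one character added/changed.
    return strict and (sorted(p) == sorted(r) or one_edit_apart(p, r))

def check(pw, preset, username, email, previous):
    """Return the list of rule groups the candidate password violates."""
    min_len, min_types, min_special, strict = PRESETS[preset]
    types, specials = variety(pw)
    problems = []
    if not min_len <= len(pw) <= MAX_LEN:
        problems.append("length")
    if types < min_types or specials < min_special:
        problems.append("variety")
    refs = (username, email, email.split("@")[0], previous)
    if any(too_similar(pw, ref, strict) for ref in refs):
        problems.append("similarity")
    return problems
```

An empty list means the candidate passes every rule group for that preset; the sample usernames and passwords used to exercise it are constructed values.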
Password FAQ
Question: Why would you ever want a maximum password length?
Answer: Maybe you shouldn't, but you may want to do this for security or other reasons. For example, if you are using a writable external user directory, then that external directory may have its own restrictions on the maximum password length that it allows.
Question: What is Character Variety and why should I use this?
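Answer: Character variety refers to the different types of characters that can be typed on a keyboard (lowercase letters, uppercase letters, digits, and special characters). Requiring different character types makes passwords harder to guess, but it also makes them harder to remember. When you set this field, use your best judgment, taking into account your company's requirements as well as your users.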
Question: Does this policy affect existing passwords?
Answer: The policy is only enforced as passwords are changed; there is no way to detect whether or not existing passwords satisfy the policy or to force the users to update their passwords if the policy has been changed. As a workaround, you can use this Crowd REST resource to forcibly change the users' passwords to something they won't know, thereby requiring them to reset it to get back in, and the password reset enforces the policy rules.