Kisco Systems

Kisco U

IBM i password levels

Home : Kisco U : IBM i password levels

The QPWDLVL system value controls password complexity with these settings:

0 - the default setting which sets up 10 character passwords and is what you are probably used to now if you've been working with the IBM i system for some time.

1 - uses the same 10 character passwords, but the IBM i/OS NetServer passwords for Windows Network Neighborhood access are not kept on the system.

2 - allows passwords of up to 128 characters that are comprised of any character on the keyboard, are case sensitive and may contain blanks (but not all blanks).

3 - implements the same level "2" passwords but adds the restriction on Windows Network Neighborhood that level "1" includes.

4 - IBM i 7.5 adds password level four. This imposes SHA512 encryption for all IBM i user passwords. Level 4 is similar to levels 2 and 3 in that it provides for long (up to 128 character) password phrases.

When you create a new profile, the IBM i/OS creates the associated level 2, 3 and 4 passwords in case you want to move to the higher password level. The codes are already on your system. But take note that embedded codes and certain client software may not be compatible with the longer passwords. Consequently, if you decide to make this change, backup of your current security profiles and passwords using the SAVSECDTA command. Use DSPAUTUSR to check your profiles for users with passwords that will not work at the higher levels.