PGP Encryption Management Server 3.4.2 and above include additional password complexity/requirements (Symantec Encryption Management Server). 

This article will go over the details on how this functionality works.

Releases of PGP Encryption Server prior to 3.4.2 allow password complexity to be enabled using the steps in article 171746 but passwords do not expire.

PGP Encryption Server 3.4.2 and above include additional password management features including password expiry.

By default, administrator passwords expire every 60 days. 

See the PGP Encryption Server Administrator's Guide for full details but a summary of the new features are:

1. Aging (enable-password-aging) - Whether to enable password aging. This is enabled by default.
2. Minimum age (password-min-age) - How long in days administrators must use a password before they can change it. The default value is 1, the minimum is 0, the maximum is 60.
3. Maximum age (password-max-age) - How long in days before administrators are forced to change their passwords. The default value is 60, the minimum is 0, the maximum is 60.
4. Advance warning (advance-warning-period) - How long in days administrators are warned that their passwords are about to expire. The default value is 15, the minimum is 0, the maximum is 60.
5. History (number-of-passwords-to-remember) - Whether to enable password history. This is enabled by default.
6. Passwords to remember - the number of previous passwords to store. The default is 5, the minimum is 0, the maximum is 30. If this is set to 0 then no passwords will be stored and all previous passwords are deleted.
7. Complexity (enable-complex-password) - Whether to enable password complexity. This is enabled by default. When enabled, administrator passwords must contain the following. Note that no further customization of these settings is available:
   • At least one digit.
   • At least one upper case letter.
   • At least one lower case letter.
   • At least one special character.
8. Minimum length (password-min-length) - The minimum number of characters in the password. The default is 8, the minimum is 8, the maximum is 128.
9. CAPTCHA Enforcement (attempts-without-captcha) - This is the number of failed attempts made before the captcha requirement appears.  
   -1 or 0 will always have captcha enabled.   If you set to 1, then after 1 failed attempt, you will be prompted to enter captcha.  Setting this to 10 will cause captcha to appear after 10 failed attempts.

To modify the above settings, please reach out to Symantec Encryption Support for further guidance.

________________________________________________________________________________________________________________

If you would like to be able to configure a Login Banner, with a customized window for the PGP Encryption Server, please reach out to Symantec Encryption Support.
IMSFR-19