In the current PGP Encryption Server environment, users with Administrator Roles can access the server. To prevent any unauthorized access to your server, PGP Encryption Server offers the passphrase security feature to secure administrative accounts from brute-force attacks or dictionary attacks.

Users with SuperUser role can set passphrase security requirements and enforce them on administrators. The default parameters are recommended for general use. 

The PGP Encryption Server offers the following passphrase security requirements for administrator accounts:

*Passphrase Complexity—Helps to create strong passphrases.

*Passphrase History—Prevents reuse of old passphrases.

*Passphrase Aging—Expires passphrases periodically and enforces administrators to create new passphrases.

*Passphrase Reset—Enforces to create a new passphrase when a temporary passphrase is set or a passphrase expires.

*Account lockout—Disables an administrator account after a specified number of consecutive failed login attempts.

By default, these passphrase security requirements protect the PGP Encryption Server administrative accounts and make successful brute-force attacks unlikely. 

If you would like to modify the passphrase security requirements for Administrators that are set by default on the PGP Encryption Server, please reach out to Symantec Encryption Support.

All PGP Administrators should now use the AD Admins functionality outlined in the following KB that will allow you to use your own Active Directory accounts to authenticate to the PGP Encryption Server:

171746 - PGP Administrator Password Complexity Enforcement via AD Admins (Directory Authentication) for PGP Encryption Server