Password history retention

Access Manager allows you to store a history of previously used local admin passwords, so that if you recover a device from a backup, you can go back in time and get the local admin password that was active at the time the backup was taken.

AMS policies allow you to define both a minimum number of passwords to keep, as well as the minimum number of days a password should be retained for.

If both the Number of previous passwords to keep and Number of days to keep previous passwords setting is in use, then old passwords will not be removed until both thresholds have passed. For example, if you had a policy to generate a new password every day, to keep a minimum of 5 passwords, and to keep passwords for 365 days, you would have 365 passwords in your history. More examples are in the table provided below.

Maximum age
Passwords to keep
Days to keep
Effective number of passwords

1

50

0

50

1

0

50

50

1

5

365

365

1

7

1

7

1

7

7

7

Last updated