The minimum requirements for an account within Acquia DAM are a first name, last name, and a valid email address. The Secure Sockets Layer protocol used in the site requires each user to have their own account, accessible with a unique username and password.
Why password requirements became stricter?
The previous DAM minimum password strength settings were below Acquia’s and security best practice standards. To enforce more up-to-date password security and increase overall DAM security for all customers, these requirements were updated.
Default password requirements
New sites and users whose password reset timer expires must now follow these updated default password rules:
| Requirement | Details |
| Minimum Length | 12 characters minimum |
| Minimum Special Characters | 1 special character minimum |
| Minimum Lowercase | 1 lowercase character minimum |
| Minimum Uppercase | 1 uppercase character minimum |
| Minimum Numeric | 1 numeric value minimum |
| Expiration Duration | 90 days maximum |
| Password Reuse | Users cannot reuse the past 24 previously used passwords |
Password expiration and administration
All customers have a default 90-day password expiration. While the new default is 90 days, administrators can still adjust the reset timeline on an individual user level or at the global level with Password Administration. However, this custom timeline must still be within the 90-day maximum rule.
To change password requirements and increase password complexity for all DAM users globally, contact Acquia DAM support.
Login and security features
If a user enters an incorrect password five times, they are locked out of their account for 15 minutes. Administrators cannot override this timeframe.
To increase security, CAPTCHA is on all pages where passwords are created or changed. You must type the characters in the field exactly as they are shown in the CAPTCHA.