A standard password policy helps to maintain security requirements, whether these requirements are based on government regulations or hospital guidelines.
 | Note: If you are mapping users to an external LDAP system, the IT department in charge of that system determines password policies, configures password expiry, and so on. |
Handling new users and password expiration
As the PACS Administrator, you assign each new user a temporary password. When users first log in, they should change that password.
To increase the security of your system, you can define an expiration date for passwords; for example, passwords must be changed every 90 days. Once the password has expired, users are forced to change it when they log in.
 | Tip: If you set a password expiry date, an automatic reminder to change the password is added to the At-a-Glance area when the expiry date approaches. This reminder includes a direct link to the Change Password dialog. |
Encouraging more secure passwords
To avoid passwords being compromised, implement guidelines such as the following:
Encourage users to make passwords as original as possible while still making them easy to remember. (If users forget their passwords, you can reset them in the Configure area.)
Make passwords longer—the more characters they include, the harder they are to guess.
Include uppercase and lowercase letters as well as numbers to increase the security of the password. Because passwords are case-sensitive, users must type the correct combination of uppercase and lowercase letters when entering passwords.
Implementing higher security password policies
High-security sites usually have extra password security considerations. These include:
Enforcing password complexity requirements by creating a password with a minimum number of alphabetic and numeric characters
Increasing the frequency of password expirations
Maintaining a password history and not allowing the reuse of old passwords
Locking out accounts after a certain number of login attempts
All of these password settings are configured on the Application Server, using the Local Security Policy settings. Refer to “Setting the password and account lockout policies” (topic number 11372) in the IMPAX 6.5.1 Application Server Knowledge Base .
You can customize the message that appears when a selected password does not conform to the password policy.
 | CAUTION! On standalone systems running on Windows XP, password policies cannot be enforced. |