Set the password policy in macOS Server
You can use the Server app to set a password policy that’s applied to all users. Changes take effect the next time users log in.
There are two types of policies: disabling login when specific conditions are met, and password restrictions.
The server enforces password policies for users. For example, a user’s password policy can specify a password expiration interval. If the user tries to log in and the server determines that the user’s password has expired, the user must set a new password to log in.
Password policies can disable a user account on a specified date, after a number of days, after a period of inactivity, or after a number of failed login attempts. Password policies can also require passwords to be a minimum length, contain at least one letter, contain at least one numeral, differ from the account name, differ from recent passwords, or be changed periodically.
Important: If you choose to disable a user account after a number of failed login attempts, the user account is automatically reenabled after one minute.
In the sidebar of the Server app
, select Users.Select Local Users or Local Network Users (for Open Directory users).
Click the More button
and choose Edit Password Policy.Select the options to enable, then click OK.