Setting up a password policy based on organizational limitations or security recommendations for Artifactory can be accomplished by making configuration changes in the Access YAML file. This file is located in the $JFROG_HOME/artifactory/var/etc/access folder in Artifactory 7.x and in the $ACCESS_HOME/etc i.e. $ARTIFACTORY_HOME/access/etc folder in Artifactory 6.x.
In the following configuration file, there are a number of configurations that can be set for Access service-related settings, including the password policy, as below:
password-policy: # users' password policy
uppercase: 0 # minimum number of uppercase letters that the password must contain
lowercase: 0 # minimum number of lowercase letters that the password must contain
digit: 0 # minimum number of digits that the password must contain
length: 4 # minimum length of the password
not-match-old: true # should access allow setting a new password to the same one currently set for the user