To manage your vSphere environment, you must be aware of the vCenter Single Sign-On password policy, of vCenter Server passwords, and of lockout behavior.
vCenter Single Sign-On Administrator Password
The password for the administrator of vCenter Single Sign-On, email@example.com by default, is specified by the vCenter Single Sign-On password policy. By default, this password must meet the following requirements:
At least 8 characters
At least one lowercase character
At least one numeric character
At least one special character
The password for this user cannot be more than 20 characters long. Starting with vSphere 6.0, non-ASCII characters are allowed. Administrators can change the default password policy. See the Platform Services Controller Administration documentation.
vCenter Server Passwords
In vCenter Server, password requirements are dictated by vCenter Single Sign-On or by the configured identity source, which can be Active Directory, OpenLDAP.
vCenter Single Sign-On Lockout Behavior
Users are locked out after a preset number of consecutive failed attempts. By default, users are locked out after five consecutive failed attempts in three minutes and a locked account is unlocked automatically after five minutes. You can change these defaults using the vCenter Single Sign-On lockout policy. See the Platform Services Controller Administration documentation.
Starting with vSphere 6.0, the vCenter Single Sign-On domain administrator, firstname.lastname@example.org by default, is not affected by the lockout policy. The user is affected by the password policy.