To manage your vSphere environment, you must be aware of the vCenter Single Sign-On password policy, of vCenter Server passwords, and of lockout behavior.

This section discusses vCenter Single Sign-On passwords. See ESXi Passwords and Account Lockout for a discussion of passwords of ESXi local users.

vCenter Single Sign-On Administrator Password

The password for the administrator of vCenter Single Sign-On, administrator@vsphere.local by default, is specified by the vCenter Single Sign-On password policy. By default, this password must meet the following requirements:

  • At least 8 characters
  • At least one lowercase character
  • At least one numeric character
  • At least one special character

The password for this user cannot be more than 20 characters long. Starting with vSphere 6.0, non-ASCII characters are allowed. Administrators can change the default password policy. See the Platform Services Controller Administration documentation.

vCenter Server Passwords

In vCenter Server, password requirements are dictated by vCenter Single Sign-On or by the configured identity source, which can be Active Directory, OpenLDAP.

vCenter Single Sign-On Lockout Behavior

Users are locked out after a preset number of consecutive failed attempts. By default, users are locked out after five consecutive failed attempts in three minutes and a locked account is unlocked automatically after five minutes. You can change these defaults using the vCenter Single Sign-On lockout policy. See the Platform Services Controller Administration documentation.

Starting with vSphere 6.0, the vCenter Single Sign-On domain administrator, administrator@vsphere.local by default, is not affected by the lockout policy. The user is affected by the password policy.

Password Changes

If you know your password, you can change the password by using the dir-cli password change command. If you forget your password, a vCenter Single Sign-On administrator can reset your password by using the dir-cli password reset command.

Search the VMware Knowledge Base for information on password expiration and related topics in different versions of vSphere.