Once upon a time in a land of legacy systems and mystical green screens, brave programmers roamed freely with passwords like “123456” and “PASSWORD1.” But then came the prophecy: “Thou shalt not allow weak credentials to guard thy sacred data.” And thus began the quest to enforce secure IBM i passwords.

Or did it?

Well… not quite.

Fast forward several decades, and those days are back. We all know someone that uses insecure passwords. We all know someone that uses the same password across dozens of systems. Let’s face it, in 2025, using “letmein” is like leaving your front door open with a neon sign saying, “Come Hack Me!” and “Free Data Inside!“

Imagine your IBM i system as that grumpy uncle at family gatherings. He’s reliable, full of old stories (or logs), but absolutely hates weak passwords. “Back in my day,” it grumbles, “we had QPWDLVL set to 0, and we liked it!” But seriously, weak passwords are the #1 way hackers waltz into your enterprise like it’s an all-you-can-eat buffet. Luckily, IBM i has built-in tools to turn your passwords into impenetrable riddles. We’re talking system values, commands, and rules that make your users groan, but none the less, these settings and rules will keep the bad guys out. If you use them!

Let’s take a lighthearted look at the basics right now, and after I recommend reading my detailed system password guide here

Step 1: Crank Up the Password Level (QPWDLVL) – Because Easy Mode is for Noobs

First things first, it’s time to set your password level to something that screams “I’m serious about security!”.

I would start with setting QPWDLVL to 2 or 3. Why? Level 2 lets you have passwords up to 128 characters (that’s novella-length security), plus full support for special characters. Level 3 adds case sensitivity and Unicode, perfect if your users are typing in emojis or ancient runes.

CHGSYSVAL SYSVAL(QPWDLVL) VALUE('2')

Think of it like upgrading from a kiddie pool to an Olympic diving board. Your system might need a reboot (IPL) afterward, because even servers need a nap after big changes. But seriously you can test your change immediately but I recommend scheduling an IPL to the rules takes effect across everything running on the system from startup.

Pro tip: Use PWRDWNSYS RESTART(*YES) if you’re feeling command-line brave or hop into IBM i Access Client Solutions (ACS) for a GUI that’s easier than assembling IKEA furniture.

Step 2: Make ‘Em Long – QPWDMINLEN for the Win

Short passwords? Adorable, but about as secure as a chocolate teapot. Set the minimum length to 10 characters:

CHGSYSVAL SYSVAL(QPWDMINLEN) VALUE('10')

Now your users can’t sneak by with “abc123.” Nope, it’s time for “MyIBMiR0cks%25” or something equally creative. Longer passwords force creativity, turning your technical team into accidental poets.

Step 3: Rule the Rules with QPWDRULES – The Password Police

Here’s where the fun, and frustration, really starts.

QPWDRULES lets you enforce must-haves like digits, letters, and special characters.

CHGSYSVAL SYSVAL(QPWDRULES) VALUE('*DGT *LTR *SPCCHR')

Translation: At least one digit (*DGT), one letter (*LTR), and one special character (*SPCCHR). It’s like telling your password, “You need veggies, protein, and dessert. Your only option is switching chocolate cake for coffee!”

Consider adding these optional enforcers:

• QPWDRQDDIF to ‘3’: New passwords must differ from the last three. No more rotating “Summer2025” to “Fall2025”!
• QPWDPOSDIF to ‘4’: Must change in at least four positions. Hackers hate puzzles.
• QPWDLMTCHR to ‘1’: No repeating characters. Goodbye, “aaaaaaa1!”

Optional Extras: Because Why Not Overdo It?

Want to limit consecutive repeats? QPWDLMTREP to ‘1’. Or require a digit outright with QPWDRQDDGT to ‘1’ (though QPWDRULES covers it). These are like adding hot sauce to your security taco, making it spicy, and way more effective.

Why not check out IBM i ACS which has some nice GUI screens for setting your system value authority settings:

Testing Time: Don’t Skip This, or Your System (and Me) Will Mock You

After tweaking, test like your job depends on it, because it actually might! Try creating bogus passwords and watch the system slap ’em down. Commands to verify:

DSPSYSVAL SYSVAL(QPWDLVL)

And so on for the others. If it works, pat yourself on the back. If not, well… back to the drawing board!

Quick quiz: Which system value enforces special characters? (Hint: It’s QPWDRULES. If you guessed QPWDMINLEN, go sit in the corner with your weak password.)

There you have it. A simple overview on turning your IBM i into a password powerhouse, one system value at a time!

Remember, a strong password policy isn’t just secure, it’s hilarious watching users try to remember “P@ssw0rdExtravaganza2025!”

Stay safe, stay funny, and keep that Power System locked tighter than my Uncle Dave’s wallet.