Performance Impact of Password Policy settings

Document ID : KB000047118
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Please let me check about performance influence of Pas?word Policy described in below manual. 
 
Configuring / Policy Server Configuration / Password Policies
How to Configure Password Policies
https://docops.ca.com/ca-single-sign-on/12-52-sp2/en/configuring/policy-server-configuration/password-policies/how-to-configure-password-policies
Following statements are described in "Password Policy Considerations".
(Excerpt) 
Password policies can affect CA Single Sign-On performance because of the additional user directory searches required to validate passwords. Password policies that are configured to search only part of a user directory, instead of the entire directory, can also affect performance. 
 
Related to this description, I have following questions. 
1. What kind of item is the performance which has concrete influence have? 
(Example: Delay of response time, etc.) 
2. Does an influence level different depending on the number of setting items of a password policy? 

 

Answer: 

1. The reason that password policy influences performance is for the writing to a user store is needed. 
Although the difference of time to take each login may be the level which we don't recognize, a difference may come out in the maximum number which can be processed when many login concentrates for a short time. 
When not using password service, the load becomes light since it only needs reading from a user store. 
 
2. The number or complexity of check contents do not influence performance since the definition of password policy itself is loaded on memory of a policy server and can be processed quickly. 
 
However, for example, when using a huge password dictionary, although the password dictionary was loaded into the memory, influencing performance may also occur if there is extremely many registration since it is necessary to perform one by one character string comparison at a time.