Password Policy

You can configure your password policy in the System Settings section of Builder.

Changes will take immediate effect after you click ‘Submit’. Users logging in after you have clicked ‘Submit’ will have to use a password that adheres to your new password policy.

Note that in order to edit these settings, a user must have the 'Edit System Settings' access option enabled as part of their user role. Users without this access option will be able to view the settings in read-only mode.

You can configure the following settings for your password policy:

Setting
Note

Maximum age in days of password

Enter the maximum number of days you want users to be able to use a password for before the system prompts them to update it.

Minimum age in days of password

Enter the minimum number of days that a user cannot update their password for.

Maximum length of password

Enter the maximum number of characters you require your users' passwords to be. Note that this value must be equal to or greater than the combined 'number character count' and 'symbol character count' values which you might set elsewhere in your password policy settings. Maximum password length is 64.

Minimum length of password

Enter the minimum number of characters you require your users' passwords to be.

Password must contain an upper-case and a lower-case letter

Select if you want to make it mandatory for your users to use at least one lower-case letter and one upper case letter in their passwords.

Password must contain this many numbers

Enter the number of numbers you require your users' passwords to contain. Note that the password's maximum length must be longer than the combined symbol count and this number count.

Password must contain this many symbols

Enter the number of symbols you require your users' passwords to contain. Note that the password's maximum length must be longer than the combined number count and this symbol count.

Number of failed attempts before a user gets locked out

Enter the number of times a user can enter the wrong password before they are locked out of the system. They will then have to speak to the relevant parties to get their password reset. Note that if you enter a value here, you must also enter a value for the 'Length of time to lock out a user in minutes' setting.

Length of time to lock out a user in minutes

Enter the length of time in minutes you want a user to be locked out for when they have entered their password incorrectly too many times. Note that you must add a value here if a value has been added for the 'Number of failed attempts before a user gets locked out' setting.

Number of previous passwords to store

Enter the number of previous passwords you want the system to store to prevent users reusing the same passwords again. Note that if you enter a value here, you must also enter a value for the 'Number of days to store previous passwords' setting.

Number of days to store previous passwords

Enter the number of days previous passwords are to be stored. Note that you must add a a value here if a value has been added for the 'Number of previous passwords to store' setting.

IP Ranges Allowed

Enter a valid IPV4 address in CIDR notation. Multiple IP ranges can be added.

Note that only one password policy can be set.

Last updated