Password Policy
You can configure your password policy in the System Settings section of Builder.
Changes will take immediate effect after you click ‘Submit’. Users logging in after you have clicked ‘Submit’ will have to use a password that adheres to your new password policy.
Note that in order to edit these settings, a user must have the 'Edit System Settings' access option enabled as part of their user role. Users without this access option will be able to view the settings in read-only mode.
You can configure the following settings for your password policy:
Setting | Note |
---|---|
Maximum age in days of password | Enter the maximum number of days you want users to be able to use a password for before the system prompts them to update it. |
Minimum age in days of password | Enter the minimum number of days that a user cannot update their password for. |
Maximum length of password | Enter the maximum number of characters you require your users' passwords to be. Note that this value must be equal to or greater than the combined 'number character count' and 'symbol character count' values which you might set elsewhere in your password policy settings. Maximum password length is 64. |
Minimum length of password | Enter the minimum number of characters you require your users' passwords to be. |
Password must contain an upper-case and a lower-case letter | Select if you want to make it mandatory for your users to use at least one lower-case letter and one upper case letter in their passwords. |
Password must contain this many numbers | Enter the number of numbers you require your users' passwords to contain. Note that the password's maximum length must be longer than the combined symbol count and this number count. |
Password must contain this many symbols | Enter the number of symbols you require your users' passwords to contain. Note that the password's maximum length must be longer than the combined number count and this symbol count. |
Number of failed attempts before a user gets locked out | Enter the number of times a user can enter the wrong password before they are locked out of the system. They will then have to speak to the relevant parties to get their password reset. Note that if you enter a value here, you must also enter a value for the 'Length of time to lock out a user in minutes' setting. |
Length of time to lock out a user in minutes | Enter the length of time in minutes you want a user to be locked out for when they have entered their password incorrectly too many times. Note that you must add a value here if a value has been added for the 'Number of failed attempts before a user gets locked out' setting. |
Number of previous passwords to store | Enter the number of previous passwords you want the system to store to prevent users reusing the same passwords again. Note that if you enter a value here, you must also enter a value for the 'Number of days to store previous passwords' setting. |
Number of days to store previous passwords | Enter the number of days previous passwords are to be stored. Note that you must add a a value here if a value has been added for the 'Number of previous passwords to store' setting. |
IP Ranges Allowed | Enter a valid IPV4 address in CIDR notation. Multiple IP ranges can be added. |
Note that only one password policy can be set.
Last updated