Password policies
Password policies determine the minimum requirements of a user's password and set the rules for changing it.
The following table describes the current password policies for the application's users and members who access the community through the member portal.
| Policy | Description | Default Value | |
|---|---|---|---|
| Password Complexity | The minimum combination of letters and special characters in a user's password. | Minimum of 8 characters, with at least:
|
|
| Password Reset Link Timespan | The amount of time a reset password link sent to a user's email is valid. | 48 hours | |
|
Failed Login Attempts Note: These three values are used in conjunction with each other.
When the default values are applied, the policy reads: If a member enters the wrong password 5 times in a 30 minute window, their account will be locked for 24 hours. |
Number of Failed Login attempts before member account is locked | The number of times a user can attempt to log in before their account is locked. This value is used in conjunction with Window for Failed Logins and Failed Login Lock. Users can reset their password by following the instructions in the message that appears. | 5 |
| Window for failed logins |
The number of minutes before the counter for failed logins is reset. This setting is used in conjunction with the Number of Failed Login Attempts value. For example, a user can attempt to enter their password 5 times within a 30 minute period before they are locked out of their account. |
30 minutes | |
| Failed Login Lock |
The amount of time a user must wait before logging in again after their account is locked. The user can bypass this setting by clicking the Forgot Password link. This value is used in conjunction with Number of Failed Login Attempts and Window for Failed Logins. |
24 hours | |
| Max Password Age |
The password expiry in days. Password expiration rules cannot be set. If a custom password policy is required, your organization needs to set up a SSO with the application to manage your own password policies. |
By default, user passwords do not expire. | |
| Max Password History | Users cannot re-use their previous X passwords. | 0 | |
| Min Password Age | Users can only change their password every X minutes. | By default, users can change their password as frequently as they want. | |