Password policies

Password policies determine the minimum requirements of a user's password and set the rules for changing it.

Note: If you configure Single Sign-On (SSO) to manage user authentication, your Identity Provider determines the password requirements. For more information, see Single Sign-On (SSO) and user auto-provisioning.

The following table describes the current password policies for Alida platform users and members who access the community through the member hub.

| Policy | Description | Default Value |
|---|---|---|
| Password Complexity | The minimum combination of letters and special characters in a user's password. | Minimum of 8 characters, with at least 1 uppercase character, 1 lowercase character, and 1 numeric character |
| Commonly Used Passwords | Commonly used passwords are banned. | By default, users cannot use commonly used passwords. |
| Password Reset Link Timespan | The amount of time a reset password link sent to a user's email is valid. | 48 hours |

Failed Login Attempts

Note: These three values are used in conjunction with each other.

When the default values are applied, the policy reads: If a member enters the wrong password 5 times in a 30-minute window, their account will be locked for 24 hours.

| Policy | Description | Default Value |
|---|---|---|
| Number of Failed Login Attempts before member account is locked | The number of times a user can attempt to log in before their account is locked. This value is used in conjunction with Window for Failed Logins and Failed Login Lock. Users can reset their password by following the instructions in the message that appears. | 5 |
| Window for Failed Logins | The number of minutes before the counter for failed logins is reset. This setting is used in conjunction with the Number of Failed Login Attempts value. For example, a user can attempt to enter their password 5 times within a 30-minute period before they are locked out of their account. | 30 minutes |
| Failed Login Lock | The amount of time a user must wait before logging in again after their account is locked. The user can bypass this setting by clicking the Forgot Password link. This value is used in conjunction with Number of Failed Login Attempts and Window for Failed Logins. | 24 hours |
| Max Password Age | The password expiry in days. Password expiration rules cannot be set. If a custom password policy is required, your organization needs to set up SSO with the application to manage your own password policies. | By default, user passwords do not expire. |
| Max Password History | Users cannot re-use their previous X passwords. | 0 |
| Min Password Age | Users can only change their password every X minutes. | By default, users can change their password as frequently as they want. |
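The following added example (not Alida's code) models how the three Failed Login Attempts values interact, using the defaults from the table. The class and method names are hypothetical, and it assumes the counter starts at the first failed login, resets once the window has elapsed, and is cleared by a successful login or a password reset.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class LockoutPolicy:
    max_failures: int = 5                        # Number of Failed Login Attempts
    window: timedelta = timedelta(minutes=30)    # Window for Failed Logins
    lock: timedelta = timedelta(hours=24)        # Failed Login Lock

class AccountState:
    """Lockout state for one account (hypothetical model). Assumption: the
    counter starts at the first failure and resets when the window elapses."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.failures = 0
        self.window_start: Optional[datetime] = None
        self.locked_until: Optional[datetime] = None

    def login(self, now: datetime, password_ok: bool) -> str:
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if self.locked_until is not None and now < self.locked_until:
            return "locked"                      # a correct password is refused too
        if password_ok:
            self._clear()                        # assumption: success clears the counter
            return "ok"
        if self.window_start is None or now - self.window_start >= self.policy.window:
            self.window_start, self.failures = now, 0    # window elapsed: counter reset
        self.failures += 1
        if self.failures >= self.policy.max_failures:
            self._clear()
            self.locked_until = now + self.policy.lock
            return "locked"
        return "failed"

    def password_reset(self) -> None:
        """Forgot Password flow: bypasses the lock, as the table states."""
        self._clear()

    def _clear(self) -> None:
        self.failures, self.window_start, self.locked_until = 0, None, None

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)              # constructed timeline
    acct = AccountState(LockoutPolicy())
    for minute in (0, 1, 2, 3, 4, 60):           # only the attempt at minute 60 is correct
        print(minute, acct.login(t0 + timedelta(minutes=minute), minute == 60))
```

Because Forgot Password clears the lock in this model, the 24-hour lock slows password guessing but offers no protection when the member's email account is the part that has been compromised.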