Member Hub password policies

Member Hub password policies apply to Moderators and Collaborators without access to Community and community members.

The following table describes the current member password policies as of June 25, 2019.

Policy Description Default Value
Password Complexity The minimum combination of letters and special characters in a member's password. Minimum of 8 characters, with at least:
  • 1 uppercase character
  • 1 lowercase character
  • 1 special character
    Note: Supported characters:

    !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

  • 1 numeric character
    Note: Password policies created before upgrading the Portal to a member hub are not updated to the current minimum combination of letters and characters.
Password Reset Link Timespan The amount of time a reset password link sent to a member's email is valid. 24 hours

Failed Login Attempts

Note: These three values are used in conjunction with each other.

When the default values are applied, the policy reads: If a member enters the wrong password 5 times in a 30 minute window, their account will be locked for 24 hours.

Number of Failed Login attempts before member account is locked The number of times a member can attempt to log in before their account is locked. This value is used in conjunction with Window for Failed Logins and Failed Login Lock. Members can reset their password by following the instructions in the message that appears. 50 attempts for the same email address, or 10 attempts from the same IP address.
Window for failed logins

The number of minutes before the counter for failed logins is reset. This setting is used in conjunction with the Number of Failed Login Attempts value.

For example, a member can attempt to enter their password 5 times within a 30 minute period before they are locked out of their account.

30 minutes for attempts for the same email address, and 10 minutes for attempts from the same IP address.
Failed Login Lock

The amount of time a member must wait before logging in again after their account is locked. The member can bypass this setting by clicking the Forgot Password link.

This value is used in conjunction with Number of Failed Login Attempts and Window for Failed Logins.

24 hours
Max Password Age

The password expiry in days.

The member can be made to change their password every X days.

By default, member passwords do not expire.
Min Password Age Members can only change their password every X minutes. By default, members can change their password as frequently as they want.