Overview
The security policy controls the password policies that are enforced on the system. This is a global option for all users. If it is changed, each user must meet the new requirements when they next change their password.
Configuration
To configure the security policy settings:
- Access the Site Settings -> Security -> Security Policy section.
- Select the Password strength. There are 3 levels of policy that can be used:

| Level | Description |
|---|---|
| Low Security | Password must be at least 6 characters long |
| Secure | Password must be at least 8 characters long and contain at least one lower case letter, one upper case letter and one digit |
| High Security | Password must be at least 10 characters long, contain at least one lower case letter, one upper case letter, one digit and one special character (#@?!£$%^&*-=+) |

- Enable password expiration: This forces the user to change their password after a certain amount of time. Once enabled, the Passwords expire after setting is displayed.
- Passwords expire after: The number of days after which a password expires and the user has to change it.
- Prevent password reuse: This enforces password history so that the same password cannot be used repeatedly. Once enabled, the Passwords to compare setting is displayed.
- Passwords to compare: The number of previous passwords to store to prevent reuse.
- Enable account lockout: This locks a user's account for a period of time once the maximum number of failed logon attempts (i.e. wrong password entered) is reached. Once enabled, the Max login attempts and Account lockout duration settings are displayed.
- Max login attempts: The maximum number of failed login attempts before a lockout is enforced.
  The number of failed login attempts is only reset back to 0 on a successful login.
- Account lockout duration: The number of minutes that the account is locked.
- Reset All Password: This causes all users to change their passwords when they next login.
  This does not apply to Active Directory users.
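
The three Password strength levels in the table above can be checked offline, for example to pre-validate passwords in a bulk import before the system rejects them. The following is an added example, not the product's own code; the function names are hypothetical, and it assumes that letters and digits mean ASCII characters and that length is counted in characters.

```python
import string

# Special characters exactly as listed for High Security on this page.
SPECIALS = set("#@?!£$%^&*-=+")

# Level name -> (minimum length, required character classes), weakest first.
POLICY = {
    "Low Security": (6, ()),
    "Secure": (8, ("lower", "upper", "digit")),
    "High Security": (10, ("lower", "upper", "digit", "special")),
}

# Assumption: letters and digits are ASCII; the product may classify differently.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": SPECIALS,
}


def unmet_requirements(password, level):
    """Return the requirements of `level` that `password` fails (empty = passes)."""
    min_len, needed = POLICY[level]
    problems = []
    # Length is counted in characters, so '£' counts once, not as 2 UTF-8 bytes.
    if len(password) < min_len:
        problems.append(f"at least {min_len} characters")
    for name in needed:
        if not CLASSES[name] & set(password):
            problems.append(f"one {name} character")
    return problems


def highest_level_met(password):
    """Return the strictest level the password satisfies, or None."""
    met = None
    for level in POLICY:  # dicts keep insertion order: weakest to strictest
        if not unmet_requirements(password, level):
            met = level
    return met


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ["abcdef", "Abcdef12", "Abcdef12£x", "Abcdef12_x"]:
        print(repr(pw), "->", highest_level_met(pw))
```

The last sample shows that a symbol outside the listed set, such as an underscore, does not count as a special character for High Security.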