Forms: Password Policy
Used to configure PhixFlow Password Policy details.
Password Policies allow you to specify password complexity (e.g. length, number of special characters etc.), rules on password re-use and password expiry periods.
Users are configured to use one of the password policies that you set up and by default are configured to use the password policy set up in the Advanced tab in the System Configuration form.
Form: Password Policy Details
The following fields are configured:
| Field | Description |
|---|---|
| Name | Name of the password policy |
| Minimum Length | The minimum length of the password. If blank, the minimum length is 1. |
| Upper Case Chars | The minimum number of upper case characters [A-Z] in the password. |
| Lower Case Chars | The minimum number of lower case characters [a-z] in the password. |
| Numeric Chars | The minimum number of digits [0-9] in the password. |
| Special Chars | The minimum number of special characters in the password ( \ ! " # $ % & ( ) * + , . / : ; < = > ? @ [ ] ^ _ { | } ~ ). |
| Failed login attempts | The user's account will be locked after this number of unsuccessful login attempts. |
| A password used in the last N days | A new password cannot be the same as a password used previously within this number of days. |
| Any of the last N passwords | A new password cannot be the same as any of this number of previous passwords. |
| Expiry Period | Passwords will expire after this number of days. |
| Grace Period | If a grace periods is configured, users will receive a warning about password expiry after the "Expiry Period" but the password will not expire until this additional number of days. |
| Allow Reset | If ticked, a user can request a password-reset link to be emailed to his configured email address. When the user follows this link, he must answer one of his previously configured security questions and provide a new password. Note that emails sent for password resets will have the from address that has been set as the System Email Address in System Configuration. |
| Maximum reset attempts | The maximum number of attempts the user can make to reset his password. After this number of failed attempts, the user should contact his system administrator. |
| Reset links expire after | The link in a reset email is valid for this number of minutes. A link older than this will be rejected. If no value is set, Reset links are valid indefinitely. |
Note that setting a field with an empty value means that no restriction is applied.
Form Icons
The form provides the standard form icons