PhixFlow Help

Password Policy

Used to configure PhixFlow Password Policy details.

Password Policies allow you to specify password complexity (e.g. length, number of special characters etc.), rules on password re-use and password expiry periods.

Users are configured to use one of the password policies that you set up and by default are configured to use the password policy set up in the Advanced tab in the System Configuration form.

Form: Password Policy Details

The form provides the standard form icons

The following fields are configured:

FieldDescription
NameName of the password policy
Passwords must have at least:
Minimum Length

The minimum length of the password. If blank, the minimum length is 1.

Upper Case CharsThe minimum number of upper case characters [A-Z] in the password.
Lower Case CharsThe minimum number of lower case characters [a-z] in the password.
Numeric CharsThe minimum number of digits [0-9] in the password.
Special CharsThe minimum number of special characters in the password ( \ ! " # $ % & ( ) * + , . / : ; < = > ? @ [ ] ^ _ { | } ~ ).
A new password cannot be the same as:
A password used in the last N daysA new password cannot be the same as a password used previously within this number of days.
Any of the last N passwordsA new password cannot be the same as any of this number of previous passwords.
Passwords will expire:
After a warning period of N DaysPasswords will expire after this number of days.
... and a Grace Period of N DaysIf a grace periods is configured, users will receive a warning about password expiry after the "Expiry Period" but the password will not expire until this additional number of days.
Lock account after:
Failed login attemptsThe user's account will be locked after this number of unsuccessful login attempts.
Password reset:
Allow Reset

If ticked, a user can request a password-reset link to be emailed to their configured email address.

When the user follows this link, they must answer one of his previously configured security questions and provide a new password.

Note that emails sent for password resets will have the from address that has been set as the System Email Address in System Configuration.

Maximum reset attempts

The maximum number of attempts the user can make to reset their password. After this number of failed attempts, the user should contact their system administrator.

Reset links valid for

The link in a reset email is valid for this number of minutes. A link older than this will be rejected.

If no value is set, Reset links are valid indefinitely.

Description
DescriptionOptional: a description of the password policy.

Note that setting a field with an empty value means that no restriction is applied.

See Also

Please let us know if we could improve this page feedback@phixflow.com