Used to configure PhixFlow Password Policy details.
Password Policies allow you to specify password complexity (e.g. length, number of special characters etc.), rules on password re-use and password expiry periods.
Users are configured to use one of the password policies that you set up and by default are configured to use the password policy set up in the Advanced tab in the System Configuration form.
Form: Password Policy Details
The form provides the standard form icons
The following fields are configured:
Field | Description |
---|---|
Name | Name of the password policy |
Passwords must have at least: | |
Minimum Length | The minimum length of the password. If blank, the minimum length is 1. |
Upper Case Chars | The minimum number of upper case characters [A-Z] in the password. |
Lower Case Chars | The minimum number of lower case characters [a-z] in the password. |
Numeric Chars | The minimum number of digits [0-9] in the password. |
Special Chars | The minimum number of special characters in the password ( \ ! " # $ % & ( ) * + , . / : ; < = > ? @ [ ] ^ _ { | } ~ ). |
A new password cannot be the same as: | |
A password used in the last N days | A new password cannot be the same as a password used previously within this number of days. |
Any of the last N passwords | A new password cannot be the same as any of this number of previous passwords. |
Passwords will expire: | |
After a warning period of N Days | Passwords will expire after this number of days. |
... and a Grace Period of N Days | If a grace periods is configured, users will receive a warning about password expiry after the "Expiry Period" but the password will not expire until this additional number of days. |
Lock account after: | |
Failed login attempts | The user's account will be locked after this number of unsuccessful login attempts. |
Password reset: | |
Allow Reset | If ticked, a user can request a password-reset link to be emailed to his configured email address. When the user follows this link, he must answer one of his previously configured security questions and provide a new password. Note that emails sent for password resets will have the from address that has been set as the System Email Address in System Configuration. |
Maximum reset attempts | The maximum number of attempts the user can make to reset his password. After this number of failed attempts, the user should contact his system administrator. |
Reset links valid for | The link in a reset email is valid for this number of minutes. A link older than this will be rejected. If no value is set, Reset links are valid indefinitely. |
Description | |
Description | Optional: a description of the password policy. |
Note that setting a field with an empty value means that no restriction is applied.