The Password Policy area allows you to manage your platform's password settings. Here, you can alter what Users are required to enter for a password to be accepted by accessplanit, as well as manage locked out durations and messages.
To learn how to set the Password Policy for your platform, click here.
Where to find Password Policy
Click on the User Icon at the top right hand side of the platform and select Administration
Within this page, click the menu option Password Policy
Setting up your Password Policy
When setting up your Password Policy, there are a number of fields which you can fill in. Below is an overview of what they all mean:
Minimum Length This field dictates how long a password must be to be used within accessplanit.
Minimum Numeric The Minimum Numeric field determines how many numbers a password must contain.
Minimum Lowercase and Uppercase These fields determine how many uppercase or lowercase characters a password must have to be acceptable.
Password Expires (Days) The number in this field determined how long a password may be used for before it needs to be reset.
Allowed Failed Attempts This field dictates how many times a User can get their password wrong before accessplanit locks them out.
Password Reuse This field determines how many times a User must change their password before they are allowed to reuse an old password.
Password Min Age (Days) The Password Min Age field is used to prevent a User from resetting their password again after they have reset it. We recommend setting this value to 0.
Lockout Duration This determined how long a User is locked out of their account after they get their password wrong too many times.
If an administrator changes the user's status, this duration is still in effect, so the user will only get one attempt at entering the correct password if they attempt to log in during this amount of time after they were first locked out.
Require one Special Character (? ! $, etc) Ticking this box means that a User will have to include a symbol within their password.
Don't Force Password Change after Reset Ticking this box means that a User won't have to change their password once they've been locked out of accessplanit.
Account Locked Message (leave blank for default) Here, you can add a customised message for a User when they are locked out of their account.
How does the Password Policy work?
Once a User exceeds the number of failed attempts set in the Allowed Failed Attempts field, the User's status is set to Locked.
A User will stay in the status of Locked for the duration stated in the Lockout Duration. They won't be able to access accessplanit during this period unless and admin sets them back to Active within this time. This Lockout time doesn't change, even if the User tries to log in before the Lockout Duration expires.
If a User is set to Active whilst the Lockout Duration is still running, one incorrect attempt at logging into accessplanit will lock them out again.
Once the Lockout Duration expires, if the User hasn't been set back to Active they'll still stay as Locked. However, if they successfully log in after this period, their account status is automatically changed back to Active.
The User will then get the full number of failed attempts specified in the Allowed Failed Attempts field before they'll get locked out again.