Password Policy Overview


The Password Policy area allows you to manage your platform's password settings. Here, you can define what Users are required to enter for a password to be accepted by your accessplanit platform, as well as manage locked out durations and messages.

Learn how to set the Password Policy for your platform

Where to find Password Policy

Click on the User Icon at the top right-hand side of the platform and select Administration.



Within this page, click the menu option Password Policy


Setting up your Password Policy

When setting up your Password Policy, there are a number of fields which you can fill in. Below is an overview of what they all mean:

Minimum Length
This field dictates how long a password must be to be used within accessplanit.

Minimum Numeric
The Minimum Numeric field determines how many numbers a password must contain.

Minimum Lowercase and Uppercase
These fields determine how many uppercase or lowercase characters a password must have to be acceptable.

Password Expires (Days)
The number in this field determines how long a password may be used before it needs to be reset.

Please note that password expiration is no longer a recommended security setting, as expiring passwords lead users to select predictable passwords. We recommend setting this to at least 365 days. The accessplanit Checkout basket does not recognise expired passwords and will allow users to log in with an expired password, provided they enter the correct current password for their account.

Allowed Failed Attempts
This field dictates how many times a User can get their password wrong before accessplanit locks them out.

Password Reuse
This field determines how many times a User must change their password before they are allowed to reuse an old password.

Password Min Age (Days)
The Password Min Age field is used to prevent a User from resetting their password again after they have reset it. We recommend setting this value to 0.

Lockout Duration
This determines how long a User is locked out of their account after they get their password wrong too many times.

If an administrator changes the user's status, this duration is still in effect, so the user will only get one attempt at entering the correct password if they attempt to log in during this amount of time after they were first locked out.

Require one Special Character (? ! $, etc)
Ticking this box means that a User will have to include a symbol within their password.

Don't Force Password Change after Reset
Ticking this box means that a User won't have to change their password once they've been locked out of accessplanit.

Account Locked Message (leave blank for default)
Here, you can add a customised message for a User when they are locked out of their account.




How does the Password Policy work?

Once a User exceeds the number of failed attempts set in the Allowed Failed Attempts field, the User's status is set to Locked.

A User will stay in the status of Locked for the duration stated in the Lockout Duration. They won't be able to access accessplanit during this period unless an admin sets them back to Active within this time. This Lockout time doesn't change, even if the User tries to log in before the Lockout Duration expires.

If a User is set to Active whilst the Lockout Duration is still running, one incorrect attempt at logging into accessplanit will lock them out again.

Once the Lockout Duration expires, if the User hasn't been set back to Active they'll still stay as Locked. However, if they successfully log in after this period, their account status is automatically changed back to Active.

The User will then get the full number of failed attempts specified in the Allowed Failed Attempts field before they'll get locked out again.
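
The lockout rules above can be modelled as a small state machine. The following is an added example, not accessplanit code: the class, field and function names are hypothetical, the Lockout Duration unit is assumed to be minutes, "exceeds" is read as strictly more failures than Allowed Failed Attempts, and a wrong password after the window has expired is assumed to leave the User as Locked.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    allowed_failed_attempts: int        # "Allowed Failed Attempts"
    lockout_duration: int               # "Lockout Duration"; unit assumed to be minutes
    status: str = "Active"
    failed: int = 0
    locked_at: Optional[int] = None     # time of the first lockout, same unit

    def admin_set_active(self) -> None:
        # An administrator changes the status; the lockout window keeps running.
        self.status = "Active"

    def login(self, now: int, password_ok: bool) -> bool:
        """Return True if a login at time `now` is accepted."""
        if self.locked_at is not None and now >= self.locked_at + self.lockout_duration:
            self.locked_at, self.failed = None, 0   # window over: full attempts again
        in_window = self.locked_at is not None
        if self.status == "Locked" and in_window:
            return False                # refused, and the window is not extended
        if password_ok:
            self.status, self.failed = "Active", 0  # Locked -> Active after expiry
            return True
        if self.status == "Locked":
            return False                # assumption: wrong password after expiry stays Locked
        if in_window:
            self.status = "Locked"      # reactivated by admin: one wrong attempt re-locks
            return False
        self.failed += 1
        if self.failed > self.allowed_failed_attempts:  # assumption: "exceeds" means >
            self.status, self.locked_at = "Locked", now
        return False


def walkthrough() -> list:
    """Replay a constructed sequence and record (time, accepted, status)."""
    acct = Account(allowed_failed_attempts=3, lockout_duration=30)
    events = [(0, False), (1, False), (2, False), (3, False),  # 4th failure locks
              (10, True), "admin", (12, False),  # refused; admin reactivates; re-lock
              (33, False), (34, True)]           # window over: Locked until success
    trace = []
    for ev in events:
        if ev == "admin":
            acct.admin_set_active()
        else:
            trace.append((ev[0], acct.login(*ev), acct.status))
    return trace
```

Calling walkthrough() returns one (time, accepted, status) tuple per login attempt, which makes it easy to compare the configured values against the behaviour described on this page.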