Login Options - Password Requirements

Administrators can configure password security requirements for users in the web client. These settings help enforce stronger passwords and improve account security across the system.

Password complexity settings

Administrators can define the minimum password requirements that users must follow when creating or changing a password.

The following requirements can be configured:

  • Minimum password length
  • Require lowercase characters
  • Require uppercase characters
  • Require numeric characters
  • Require special characters

When password complexity rules are enabled, users must enter a password that complies with all configured requirements.

Password expiration

Administrators can configure password expiration policies by specifying the number of days a password remains valid.

Users must change their password every XX days, where XX is the configured validity period.

When a password expires:

  • The user can still log in using the current password.
  • The user is immediately prompted to change the password before accessing application data.
  • The new password must comply with the active password requirements.

Force password change

Administrators can require users to change their password at the next login.

This can be configured:

  • Per individual user
  • For all users at once using a bulk action

When enabled, the user is prompted to create a new password immediately after logging in.
 

Applying new password requirements

When an administrator changes password requirement settings and saves the configuration, the system prompts the administrator to choose how the new requirements should be applied.

Options:

  • Apply immediately for all users
    All users are required to update their password at the next login.
  • Apply on next password change
    Existing passwords remain valid until the user changes the password or the password expires.

If password requirements are modified and immediate enforcement is selected, all users must update their password to comply with the new policy.

Account lock after failed login attempts

Administrators can configure the maximum number of failed login attempts allowed before an account is locked.

Lock account after X failed attempts

When a user exceeds the configured number of failed login attempts:

  • The user account is disabled.
  • The user cannot log in until the account is re-enabled.
  • An administrator must manually enable the user account.

When users change or reset a password:

  • The password must comply with all active password policies.
  • Non-compliant passwords are rejected.
  • Users receive validation feedback describing which requirements are not fulfilled.

It is recommended to configure strong password policies that include a minimum length and multiple complexity requirements to improve overall system security.
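The following added example models the rules described in this article (complexity feedback, expiration, forced change and account lock) so that expected outcomes can be checked in a test plan. It is an illustration and not the product's own code; the names `Policy`, `User`, `unmet` and `login`, the default values, and the points marked as assumptions in the comments are not taken from the product.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Policy:  # field names and defaults are constructed for this example
    min_length: int = 12
    lower: bool = True
    upper: bool = True
    digit: bool = True
    special: bool = True
    max_age_days: int = 90  # "change password every XX days"
    max_failed: int = 5     # "lock account after X failed attempts"

@dataclass
class User:
    password_set: date
    failed: int = 0
    enabled: bool = True
    force_change: bool = False

def unmet(policy, pw):
    """List the configured requirements that pw does not fulfil."""
    checks = [
        (len(pw) >= policy.min_length, f"at least {policy.min_length} characters"),
        (not policy.lower or re.search(r"[a-z]", pw), "a lowercase character"),
        (not policy.upper or re.search(r"[A-Z]", pw), "an uppercase character"),
        (not policy.digit or re.search(r"[0-9]", pw), "a numeric character"),
        # Assumption: "special" means anything that is not an ASCII letter or digit.
        (not policy.special or re.search(r"[^A-Za-z0-9]", pw), "a special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def login(policy, user, password_ok, today):
    """Outcome of one login attempt; updates the failure counter and lock state."""
    if not user.enabled:
        return "locked"  # only an administrator can re-enable the account
    if not password_ok:
        user.failed += 1
        if user.failed >= policy.max_failed:  # assumption: lock on the X-th failure
            user.enabled = False
            return "locked"
        return "denied"
    user.failed = 0  # assumption: a successful login resets the counter
    expired = today - user.password_set > timedelta(days=policy.max_age_days)
    # An expired password still logs in, but data access waits for a change.
    return "change_required" if expired or user.force_change else "ok"
```

Selecting "Apply immediately for all users" corresponds to setting `force_change` on every user in this model, while "Apply on next password change" leaves the flag untouched.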
