Password Security

As an administrator you can set the criteria for user passwords, including password expiration rules, password length requirements, and the number of failed sign-in attempts permitted before a user ID is locked from the system.

After clicking the Settings tab, click Password Security. The Settings | Password Security page appears. Enter or choose the following:  

  • Minimum password length: Enter the minimum length of the password. We recommend at least 6 characters.

  • Password expiration: Enter the number of days a password can be used before it “expires” and needs to be reset. We recommend 120 days.

  • Password reuse history: Enter the number of passwords that must be set before a password can be reused. We recommend that at least 3 unique passwords be established before one can be reused.

  • Maximum sign-in attempts:  Enter the number of failed log in attempts allowed before a user is locked from trying again. We recommend between 5 and 10 attempts.

  • User Lockout time: Once a user has been locked out of the system due to exceeding the maximum failed log in attempts, this is the amount of time that must pass before the user will automatically be allowed to retry without administrator intervention. Use this option with caution.

  • Prohibit the use of common words in passwords: Click this checkbox to prohibit the use of any words found in the dictionary.  For example, the word "password" is prohibited, but "p8ssw0rd" is permitted. We recommend that you use this option for added security.

  • Force passwords to contain at least one letter and one number:  Click this checkbox to force passwords to contain at least one letter and one number within them. We recommend that you use this option for added security.

  • Activate “Remember Me” feature: Click this checkbox to allow the user to click the “Remember Me” checkbox on the log-in page, which stores their username for future use.

  • Enable secret question and answer for password reset:  This option is not currently used.