Only the Global Administrator has access to set or change the Password Policy; they can activate the policy based on the needs of the entire organization.
Password policies are used to set specific rules on how an applicant creates their password as well as how long that password is to remain active before requiring the applicant to change their password on the CommunityForce site. The Password Policy only needs to be set once and applies to all users entering the site. If you do not have policy rules to establish, you will not need to set a password policy, as the site will automatically default to not activate a policy.
This feature helps the Global Administrator to set a few rules for creating a password for different User Account ID’s. This policy only needs to be set once and applies to all users.
- Step 1: From the Home Dashboard select the Administration Icon to be directed to the Administration Dashboard.
- Step 2: In the Administration Dashboard select the Password Policy icon
- The following screen will open. This setting helps you to activate the policy using several options.
Note: that there are some items that are noted below that may not be activated on your site. You will need to contact CommunityForce for assistance in activating them.
- Step 3: Review all the items below and select each field according to the policy you want to set for your organization.
Items marked with an (*) are required and must be filled in.
Activate the Policy: This is used to activate the password policy. If the administrator clicks on “Yes”, this policy is displayed to the User, while he is creating his/her password. If the administrator clicks on “No”, this policy is not active.
*Enforce Password History: This feature enables the administrator to decide how many previous passwords cannot be reused by the user when resetting his/her password. For example, if the Enforce Password History says “5”, the user cannot use any of his last 5 passwords.
*Maximum Password Age: This describes the maximum duration for which the password will be active to log into an account. For example, if the Maximum Password Age is 60 days, then it means that the password after a maximum of 60 days will expire and needs to be reset or changed to a new one.
*Minimum Password Age: This describes the number of days for which a password has to be active before a user can change it again. For example, if the Minimum Password Age is 5 days, then it means that the user can change the password only after a minimum of 5 days have passed.
*Minimum Password Length: This feature is automatically defaulted to 8 characters when you activate the policy. However, if you wish to increase the minimum number of characters the password can have you can enter that figure here. Note that the default Maximum character length for a password is only 20 characters.
For example, if the Minimum Password Length is 8, it means that the password given cannot have less than 8 characters.
Allow First Name/Last Name/Email ID in password: (This feature must be activated by CommunityForce to use and is automatically defaulted to allow if not activated.) If this is clicked “Yes” it allows the user to use the First Name, Last Name, or email id as part of their password. If clicked “No” the applicant cannot use any of those items in their password.
If users first name is Frances, password cannot be set as Frances or Frances123 etc.
If users last name is Barrick, password cannot be set as Barrick or Barrick123, etc.
If Email ID of the user is FrancesBarrick@cf.com Then the password cannot contain that id anywhere in the password. Ex. FrancesBarrick@cf.com, Francesbarrick@cf.com123 or 123Francebarrick@cf.com would not be able to be used.
Allow Dictionary Words in Passwords: (This feature must be activated by CommunityForce to use and is automatically defaulted to allow if not activated.) If this is clicked “Yes” dictionary words can be allowed in the password. If this is clicked “No” then a dictionary word cannot be used for a password.
Example: The word Apple would not be allowed, while Apple1 would be allowed, because Apple1 is not a word in the dictionary.
Allow Consecutive numbers/characters: (This feature must be activated by CommunityForce to use and is automatically defaulted to allow if not activated.) If this is clicked “Yes” then consecutive characters and numbers can be used in the password. If this is clicked “No” then the same three consecutive characters will not be allowed in the password.
Example: aa is allowed but aaa is not allowed. Similarly, 11 is allowed, but 111 is not allowed.
Complex Password: If this is clicked “Yes”, it then forces the user to use a complex password. This is a combination of uppercase and lowercase letters and numbers.
*Account Lockout Duration: This gives the number of minutes (time limit) for which the account will be locked after multiple invalid login attempts. For example, if the Account Lockdown Duration is given as 60 minutes, then if there have been multiple invalid login attempts, the account will be locked for 60 minutes and will not allow the user to attempt to login again until after that time has passed.
*Account Lockout Threshold: This feature gives the number of invalid login attempts allowed before the account is locked out. For example, if the Account Lockout Threshold is given as 3, the account will be locked after 3 invalid login attempts.
- Step 4: Once you have entered the appropriate settings data set the policy click the Save & Exit to save the information and return to the Administration dashboard.