Setting password parameters
Use these steps to specify parameters that apply to the password settings for users at all sites in an application database.
-
Open the
Password Parameters form and specify this
information:
- Enforce Mixed Case
- When this field is selected (the default), user passwords must include at least one uppercase character and one lowercase character, for example: MyPassword
- Enforce Number
- When this field is selected (the default), user passwords must include at least one number, for example: mypassword1
- Enforce Special Character
- When this field is selected (the default), user passwords must include at least one special character, for example: my#password. Special characters include any character that is not either an alphabetic character nor a numeric digit.
- Forbid Embedded User Name
- When this field is selected, user passwords cannot include the username.
- Number of Retries
- Specify the number of times users can re-enter their password before being locked out of the system. The default value is 3. A value of 0 disables the lockout feature for all users.
- Lockout Duration (Minutes)
- Specify the number of minutes users are locked out of the system following the maximum number of unsuccessful login attempts. The default lockout duration is 30 minutes.
- Password Length Minimum
- Specify the minimum number of characters required for user passwords. The default value is 8.
- Password Length Maximum
- Specify the maximum number of characters allowed for user passwords. The default value is 30, which is the most allowed by this application.
- Consecutive Identical Character Max
- Specify the number of times a user can consecutively include the same character in the password.
- Password Expiration Days
- Specify the number of days that are to elapse
between a new password reset and its expiration. This calculation starts
each time the user sets or resets the password.
For example, if you specify a value of 60 , and a user resets his password on June 1, the password expires on July 30. The Expiration Date on the Users form is set accordingly.
If you reset this value, the change only affects users who modify their passwords after the change was made. The default value is 0, meaning the password does not expire.
- Password Warning Days
- Specify the number of days before the password expiration
date that the user starts to see a warning that the password is soon to expire.
The warning message displays each time the user logs in and includes the number
of days left until the password expires. For example, if you specify a value of
5, and the user password is set to expire on July 30, the warning message
starts to display on July 26.
The default value is 0 , which means that no warning is given. The value in this field must be less than the value in the Password Expiration Days field.
- Password History Count
- Specify the number of previous passwords that the system is to remember for each user. When a user creates a new password, it cannot match any other previous passwords that the system remembers.
- Password Minimum Days
-
Specify the number of days that must pass after the user resets the password before the user can reset the password again. The intended use of this setting is to prevent users from quickly cycling through the Password History Count so as to effectively keep the same password all the time.
The default value is 0, which indicates that there is no minimum number of days before the password can be reset. System administrators can override this value for users if necessary.
See Password Set Date.
- Save your changes.
The changes are applied to user accounts the next time they log in.