Password requirements

Rhythm for Civics supports a variety of password requirements.

First, you can specify criteria for the content of users' passwords, such as the minimum length and the required characters. On the Portal User node in the Portal configuration, use the Minimum Required Password Length attribute to specify the minimum number of characters, and use the Minimum Required non Alpha Numeric Length attribute to specify the minimum number of special characters.

You can also use regular expressions to define more complex password criteria. Use either the Password Strength Regular Expression attribute on the Portal User node or the Password Criteria node under Setup > Login.

The Login node also has a child Banned Words node that you can use to list strings that are not allowed in user passwords.

Note: In addition to the list of banned words in the configuration, the user's first name, last name, user name, and email are always banned.
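The following Python script, added here as an illustration and not taken from Rhythm for Civics, tests a candidate strength pattern and banned-string list against sample passwords before they go into the configuration. The pattern, the banned list, the sample user, the function names, and the case-insensitive substring matching are all assumptions; the product's regular expression engine is not named on this page and may behave differently from Python's.

```python
import re

# Constructed candidate pattern (assumption, not from the product docs):
# at least 12 characters, with a lowercase letter, an uppercase letter,
# a digit, and two non-alphanumeric characters.
CANDIDATE_PATTERN = (
    r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=(?:.*[^A-Za-z0-9]){2}).{12,}$"
)

# Constructed banned list standing in for the Banned Words node.
BANNED_WORDS = ["password", "civics", "welcome"]


def banned_terms(user):
    """Configured banned words plus the always-banned identity fields."""
    identity = [user["first_name"], user["last_name"],
                user["user_name"], user["email"]]
    return [t.lower() for t in BANNED_WORDS + identity if t]


def check_password(password, user, pattern=CANDIDATE_PATTERN):
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []
    if not re.fullmatch(pattern, password):
        reasons.append("fails strength pattern")
    lowered = password.lower()
    # Assumption: banned strings match as case-insensitive substrings.
    for term in banned_terms(user):
        if term in lowered:
            reasons.append(f"contains banned string: {term}")
    return reasons


# Constructed sample user and passwords.
SAMPLE_USER = {"first_name": "Dana", "last_name": "Okafor",
               "user_name": "dokafor", "email": "dana.okafor@example.org"}
SAMPLE_PASSWORDS = ["Tr1ck-y!Harbor9", "Okafor#2024!xyz",
                    "short1!A", "Password!!123456"]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        print(pw, "->", check_password(pw, SAMPLE_USER) or "accepted")
```

The second and fourth samples satisfy the strength pattern and are rejected only by the banned-string check, which is why the pattern and the banned list should be tested together.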

For added security, you can specify lockouts for invalid password attempts. Use the Maximum Invalid Password Attempts attribute on the Portal User node to specify the number of attempts before a user is locked out, and use the Maximum Lockout Period to specify the number of minutes a lockout will last.

Note: Because security questions are not supported in the Billing Portal, the Maximum Invalid Password Answer Attempts and Requires Question and Answer attributes on the Portal User node are not applicable.

Finally, you can define rules for changing passwords. Use the Maximum Password Age attribute on the Portal User node to specify the number of days before users must change their passwords, and use the Password History attribute to specify the number of passwords to store in the password history. Previous passwords cannot be reused until they are cleared from the password history.

See Portal configuration.