Create a Password Policy
Administration > Manage Password Policy
Only the Global Administrator has access to set, change, or activate the Password Policy based on the needs of the entire organization.
Password policies are used to set specific rules on how an applicant creates their password as well as how long that password will remain active before requiring the applicant to change it on the CommunityForce site. The Password Policy only needs to be set once and applies to all users entering the site. If you have no policy rules to establish, you do not need to set a password policy; by default, the site does not activate one.
This feature helps the Global Administrator to set a few rules for creating a password for different User Account IDs. This policy only needs to be set once and applies to all users.
Exercise 1
Step 1: From the Home Dashboard, select Administration to be directed to the Administration Dashboard.
Step 2: In the Administration Dashboard, select Manage Password Policy.
The following screen will open. This setting helps you to activate the policy using several options.
Suggested best practices
- Enforce complex passwords to add an extra layer of protection for your CommunityForce data.
- Set a password history of at least 3 to ensure users do not continue using the same password.
- Use the Maximum Password Age to force users to change their password after 90 days or a period of time, not more than 180 days.
Create a Password Policy
Note: Some items displayed below may not be activated on your site. You will need to contact CommunityForce for assistance with activating them.
Items marked with an asterisk are required and a value must be entered.
Overview of the Password Policy Fields
Activate the Policy: Click Yes to display this policy to the user while he/she is creating his/her password. Click No if this policy is not active.
Enforce Password History: This feature enables the administrator to decide the number of previous passwords that cannot be reused by the user when resetting his/her password. For example, if the Enforce Password History is “5”, the user cannot use any of his/her last 5 passwords.
Maximum Password Age: This defines the maximum duration for which the password will be active to log into an account. For example, if the Maximum Password Age is 60 days, passwords will expire after a maximum of 60 days and will need to be reset or changed.
Minimum Password Age: This defines the number of days for which a password must be active before a user can change it. For example, if the Minimum Password Age is 5 days, the user can only change the password after a minimum of 5 days has passed.
Minimum Password Length: This feature automatically defaults to 8 characters when you activate the policy. However, if you need to increase the minimum number of characters the password can contain, enter that number here. Note that the default maximum character length for a password is only 20 characters.
Allow First Name/Last Name/Email ID in password: (This feature must be activated by CommunityForce before use and automatically defaults to Yes if not activated.)
- Yes allows the user to use the First Name, Last Name, or email id as part of their password.
- No prevents the applicant from using any of those items in their password.
Examples:
If a user's first name is Frances, the password cannot be set as Frances or Frances123, etc.
If a user's last name is Barrick, the password cannot be set as Barrick or Barrick123, etc.
If the Email ID of the user is FrancesBarrick@cf.com, the password cannot contain that ID anywhere in the password. For example, FrancesBarrick@cf.com, Francesbarrick@cf.com123, and 123Francesbarrick@cf.com would not be acceptable passwords.
Allow Dictionary Words in Passwords: (This feature must be activated by CommunityForce to use and is automatically defaulted to allow if not activated.)
- Yes allows dictionary words to be used in the password.
- No prevents dictionary words from being used in a password.
Example: The word apple would not be allowed, while Apple1 would be allowed, because Apple1 is not a word in the dictionary.
Allow Consecutive numbers/characters: (This feature must be activated by CommunityForce to use and is automatically defaulted to allow if not activated.)
- Yes allows consecutive characters and numbers to be used in the password.
- No prevents the same three consecutive characters from being used in the password.
Example: aa is allowed but aaa is not allowed. Similarly, 11 is allowed, but 111 is not allowed.
Complex Password: Yes forces the user to use a complex password. This is a combination of uppercase and lowercase letters and numbers.
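The composition rules above (length, name/email, dictionary words, consecutive characters, complexity) can be checked together as in the following added example, which is not CommunityForce code. The Policy class, the violations function, the sample word list, and the case-insensitive matching are assumptions inferred from the examples on this page.

```python
import re
from dataclasses import dataclass


@dataclass
class Policy:
    min_length: int = 8              # page: default minimum when the policy is active
    max_length: int = 20             # page: default maximum length
    allow_name_email: bool = False   # "Allow First Name/Last Name/Email ID" set to No
    allow_dictionary: bool = False   # "Allow Dictionary Words" set to No
    allow_consecutive: bool = False  # "Allow Consecutive numbers/characters" set to No
    complex_password: bool = True    # "Complex Password" set to Yes


# Constructed stand-in word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"apple", "password", "sunshine"}


def violations(pw, policy, first, last, email, words=SAMPLE_DICTIONARY):
    """Return the names of the rules that pw breaks (empty list = accepted)."""
    found = []
    low = pw.lower()
    if len(pw) < policy.min_length:
        found.append("min_length")
    if len(pw) > policy.max_length:
        found.append("max_length")
    # Assumption: case-insensitive "contains" match, as the page's examples suggest.
    if not policy.allow_name_email and any(
        part and part.lower() in low for part in (first, last, email)
    ):
        found.append("name_or_email")
    # Page example: only an exact dictionary word is rejected ("apple", not "Apple1").
    if not policy.allow_dictionary and low in words:
        found.append("dictionary_word")
    # The same character three times in a row ("aaa", "111") is rejected.
    if not policy.allow_consecutive and re.search(r"(.)\1\1", pw):
        found.append("consecutive")
    # Complex = uppercase and lowercase letters and numbers.
    if policy.complex_password and not (
        re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw) and re.search(r"\d", pw)
    ):
        found.append("complexity")
    return found
```

Running a candidate password through violations before a policy change goes live shows which rule rejects it, which helps when explaining a rejection to an applicant.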
Account Lockout Duration: This defines the number of minutes (time limit) for which the account will be locked after multiple invalid login attempts. For example, if the Account Lockout Duration is 60 minutes, then if there have been multiple invalid login attempts, the account will be locked for 60 minutes and will not allow the user to attempt to log in again until after that time has passed.
Account Lockout Threshold: This feature defines the number of invalid login attempts allowed before the account is locked out. For example, if the Account Lockout Threshold is 3, the account will be locked after 3 invalid login attempts.
Once you have entered the applicable settings, click Save and return to the Administration dashboard.