Super Admins can enable/disable and configure a password policy for their site. Enabling a password policy forces all users to adhere to the site's established 'character' and 'length' requirements when they create and update their account passwords.
Your password policy should require that passwords be complex enough to:
- protect the privacy of your users and
- prevent unauthorized access.
To manage your password policy:
- In the Admin Toolbar, click Admin.
- Navigate to Settings > Security > Password Policy.
Manage your password policy
From here, you can:
- Enable/disable your Password Policy.
- If enabled, configure the password requirements that all users must adhere to when creating/updating their account passwords. You can define:
- The minimum/maximum length your users' passwords must be.
- The characters that must be included (you can even dictate the number of each character a password must contain). Requiring a high minimum password length (e.g., six or seven) and one or two of the Required Characters is a great way to ensure your members' passwords are complex enough to prevent unauthorized access.
Test your password policy
After you save your password policy, test it to make sure it works.
TIP: Test a variety of passwords — and be sure to include some that you know should fail.
- Specify a password that you believe adheres to your Password Policy and click Submit.
- Specify a password that you believe does not adhere to your Password Policy and click Submit.
- A green border and check mark means the password meets the requirements.
- A red border and message indicates the password failed the test.
NOTE: You can change the values in the upper part of the page, but remember to click Save before testing them.
Re-using passwords
NOTE: This information is relevant to "standalone" sites only.
- Users cannot re-use any of their last 5 passwords.
This Higher Logic policy supports our ongoing measures to safeguard your site.