This article describes how you can manage the password policy for your site. It covers:
- how to enable and disable the policy.
- how to configure password criteria (i.e., the length and required characters).
Having a password policy forces all users to adhere to the site's established 'character' and 'length' requirements when they create and update their account passwords.
Your password policy should require that users' passwords be complex enough to:
- protect the privacy of your users and
- prevent unauthorized access.
Access the Password Policy page
To manage your password policy:
- In the Admin Toolbar, click Admin.
- Navigate to Settings > Security > Password Policy.
Manage your password policy
On the Password Policy page, you can configure the requirements that all users must adhere to when creating and/or updating their account passwords.
NOTE: A high minimum password length (e.g., 10 or more characters) combined with one or two of the Required Characters is the best way to ensure your members' passwords are complex enough to prevent unauthorized access. Remember, while complexity is important, password length is crucial to prevent brute-force cracking.
On the page:
- Check the Password Policy enabled box to enable the policy.
  Uncheck the box to disable the policy.
- In the Password Length fields, specify minimum and maximum lengths of passwords.
- In the Required Characters fields, specify which characters (uppercase letters, numerals, and "special") are required and how many of each.
  Specify 0 (zero) for characters that are not required.
- Click Save.
Test your password policy
After you save your password policy, test it to make sure it works as expected with the criteria that you've set. Test both passwords that you expect to be accepted ("valid") and passwords that you expect to fail ("invalid").
Test a variety of passwords
- Specify a password that you believe adheres to your Password Policy and click Submit.
- A green border and a check indicate that the password meets the requirements.
- Specify a password that you believe does not adhere to your Password Policy and click Submit.
- A red border and a message indicate that the password does not meet the requirements.
NOTE: You can change the values in the upper part of the page, but remember to click Save before testing them.
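To choose which passwords to try, the following added example (not Higher Logic's code) models the settings above and generates one password at each edge of the policy, with the result you should expect on the test page. Assumptions: the names `Policy`, `violations` and `boundary_cases` are hypothetical, the required counts are treated as minimums, "special" is taken to mean ASCII punctuation, and the lengths shown are constructed sample values.

```python
import string
from dataclasses import dataclass

SPECIAL = set(string.punctuation)  # assumption: "special" means ASCII punctuation

@dataclass
class Policy:  # hypothetical model of the Password Policy page fields
    enabled: bool = True
    min_len: int = 10   # constructed sample values
    max_len: int = 64
    upper: int = 1      # 0 means "not required"
    digits: int = 1
    special: int = 0

def violations(pw: str, p: Policy) -> list[str]:
    """Return the unmet requirements; an empty list means the password passes."""
    if not p.enabled:
        return []
    found = {
        "upper": sum(c.isupper() for c in pw),
        "digits": sum(c.isdigit() for c in pw),
        "special": sum(c in SPECIAL for c in pw),
    }
    out = []
    if len(pw) < p.min_len:
        out.append("too short")
    if len(pw) > p.max_len:
        out.append("too long")
    for name, have in found.items():
        if have < getattr(p, name):
            out.append(f"needs {getattr(p, name)} {name}")
    return out

def boundary_cases(p: Policy) -> list[tuple[str, bool]]:
    """Build (password, expected_valid) pairs at each edge of the policy."""
    def build(n, **short):  # `short` overrides one class count
        counts = {"upper": p.upper, "digits": p.digits, "special": p.special, **short}
        core = "A" * counts["upper"] + "7" * counts["digits"] + "!" * counts["special"]
        return core + "x" * max(0, n - len(core))
    cases = [(build(p.min_len), True), (build(p.max_len), True),
             (build(p.min_len - 1), False), (build(p.max_len + 1), False)]
    for name in ("upper", "digits", "special"):
        if getattr(p, name):  # one character short of a required class
            cases.append((build(p.min_len, **{name: getattr(p, name) - 1}), False))
    return cases

if __name__ == "__main__":
    for pw, ok in boundary_cases(Policy()):
        print(f"{len(pw):3d} chars  expect {'pass' if ok else 'fail'}  {pw}")
```

Set the `Policy` fields to the values you saved, then submit each generated password on the test page and compare the border colour with the expected result.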
Re-using passwords
NOTE: This information is relevant to "standalone" sites only.
- Users cannot re-use any of their last 5 passwords.
This policy supports Higher Logic's ongoing measures to safeguard your site.