This article...
- Describes how to enable and disable your site's password policy.
- Details how to set minimum and maximum password lengths, and required characters.
- Explains the importance of password length and complexity.
- Instructs how to test passwords to ensure your policy requirements are enforced.
Having a password policy forces all users to adhere to the site's established 'character' and 'length' requirements when they create, update, and reset their account passwords.
Your password policy should require that users' passwords be complex enough to:
- protect the privacy of your users and
- prevent unauthorized access.
Access the Password Policy page
To access the Password Policy page:
- In the Admin Toolbar, click Admin.
- Navigate to Settings > Security > Password Policy.
The Password Policy page has three sections in which you can:
- configure the required length of account passwords,
- specify the required types of characters, and
- input a variety of passwords in order to test the validation of the policy.
Manage your password policy
On the Password Policy page, you configure the requirements that all users must adhere to when self-managing their account passwords. Users manage passwords by:
- creating a password when they join a community;
- changing a password when they want (e.g., they suspect it's been compromised); and
- resetting a password under the instruction of an Admin or if they've forgotten it.
NOTE: A high "minimum length" (e.g., 10 or more characters) and two or more required characters is the best way to ensure your members' passwords are complex enough to prevent unauthorized access. Remember, while complexity is important, password length is crucial to preventing brute-force cracking.
On the page:
- Check the Password Policy enabled box to enable the policy.
Uncheck the box to disable the policy.
- In the Password Length fields, specify minimum and maximum lengths of passwords.
- In the Required Characters fields, specify which characters (uppercase letters, numerals, and "special") are required and how many of each.
Specify 0 (zero) for characters that are not required.
- Click Save.
Test your password policy
After you save your password policy, test it to make sure that it validates the criteria that you've set. You should test both:
- "valid" passwords that you expect to "pass" validation and
- "invalid" passwords that you expect to "fail" validation.
Test a variety of passwords
- Specify a password that you believe adheres to your Password Policy and click Submit.
- A green border and a check indicate that the password meets the requirements.
- Specify a password that you believe does not adhere to your Password Policy and click Submit.
- A red border and a message indicate that the password does not meet the requirements.
NOTE: You can change the values in the upper part of the page, but remember to click Save before testing them.
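A test matrix for the steps above, as an added example (not Higher Logic's code or validation logic): it models the page's settings locally and generates boundary passwords, with the expected result for each, to enter in the test field. The class and function names, the sample policy values, and the definition of "special" as any non-alphanumeric character are assumptions; it also assumes the required character counts fit within the minimum length.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    """Local model of the page's settings; 0 means a class is not required."""
    min_length: int
    max_length: int
    min_upper: int = 0
    min_digits: int = 0
    min_special: int = 0

    def failures(self, password):
        """Return the unmet requirements; an empty list means the password passes."""
        checks = [
            ("too short", len(password) >= self.min_length),
            ("too long", len(password) <= self.max_length),
            ("uppercase", sum(c.isupper() for c in password) >= self.min_upper),
            ("numerals", sum(c.isdigit() for c in password) >= self.min_digits),
            # Assumption: "special" = any character that is not a letter or digit.
            ("special", sum(not c.isalnum() for c in password) >= self.min_special),
        ]
        return [name for name, ok in checks if not ok]

def build(policy, length, **override):
    """Constructed password of exactly `length` chars with chosen class counts."""
    counts = {"upper": policy.min_upper, "digits": policy.min_digits,
              "special": policy.min_special, **override}
    body = "A" * counts["upper"] + "7" * counts["digits"] + "!" * counts["special"]
    return (body + "x" * length)[:length]  # pad with lowercase, trim to length

def boundary_cases(policy):
    """(label, password, expected_valid) rows for the policy's edges."""
    cases = [
        ("at minimum length", build(policy, policy.min_length), True),
        ("at maximum length", build(policy, policy.max_length), True),
        ("one below minimum", build(policy, policy.min_length - 1), False),
        ("one above maximum", build(policy, policy.max_length + 1), False),
    ]
    for field in ("upper", "digits", "special"):
        need = getattr(policy, "min_" + field)
        if need:  # only test classes the policy actually requires
            short = build(policy, policy.min_length, **{field: need - 1})
            cases.append((f"one {field} short", short, False))
    return cases

if __name__ == "__main__":
    policy = PasswordPolicy(10, 64, min_upper=1, min_digits=1, min_special=1)  # sample values
    for label, pw, expected in boundary_cases(policy):
        print(f"{label:20} expect={'pass' if expected else 'fail'} {pw}")
```

If the page's result for any row differs from the expected column, re-check that the settings were saved before testing.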
Re-using passwords
NOTE: This information is relevant to "standalone" sites only.
- Users cannot re-use any of their last 5 passwords.
This policy supports Higher Logic's ongoing measures to safeguard your site and its data.
Related articles
See Troubleshooting - Password Resetting for information on:
- how to access the password-reset page and
- troubleshooting user issues with password-reset email messages.