Setting up a Password Policies
- Olivier Grenet
As an Wedia administrator, you can define the strength of the password your users will choose.
Defining a Password strength policy
Locate in the /admin configuration panel the Authentication Services entry :
Password expiration policy
This can be set up in the first tab of the Authenticated Services entry :
Defining password policies
Multiple password composition policies can be setup in this tab :
Each validation condition can be activated or deactivated. All activated conditions will run when a new user enter a password in any interface (recovered password, portal, back-office, registration…)
When creating a new validation condition, two options are offered :
Basic Password Contraints
Each policy can have the following rules :
Minimal length
Number of required digits
Number of required uppercase letters
Number of required lowercase letters
Number of required symbols
Reuse Password Constraints
This policy lets you set the password history checking, to avoid password reuse :
Setting up a “Change at first login” rule
This rule is set individually for each user :
If you need to have it created by default, change the default value set on a new “user” object :
Setting up a “Deactivate user after xx incorrect attempts” rule
This rule is set individually for each user :
If you need to have it created by default, change the default value set on a new “user” object :
The user who are deactivated will move to a “inactive” status that has to be reset by an administrator to reactivate them.