Page Details: Create Security Profile Password Policy
Required security profile permissions: Security Profile Edit.
Overview
When you create a new security profile or edit an existing one, you can set the complexity of the passwords of users with that security profile, including how often the users must change the password. An indicator at the bottom of the Password Policy modal displays the strength of the passwords required of users with the security profile.
For more information, see Security Profiles Overview.
Go to Manage Users Security Profiles.
- Prevent Password Reuse
- Prevents users from setting the same password twice within a certain number of password changes. It enables the History setting bar, which specifies the number of passwords inContact must look back on the user account when it determines whether the user is repeating a password. For example, if you enable Prevent Password Reuse and set the History to 10, users with the security profile cannot use a password they have already used within the last ten times they set a password on the account.
- Limit Login Attempts
- Limits users to a certain number of login attempts before they are locked out of the system. It enables the Attempts Allowed setting bar, which specifies the number of login attempts users are allowed. For example, if you enable Limit Login Attempts and set Attempts Allowed to 4, a user can unsuccessfully attempt to login four times before he is locked out and must contact the appropriate person in your organization to reset the password.
- Password Expiration
- Limits the number of days users can keep a password before having to change it. It enables the Maximum Age (days) setting bar, which specifies the number of days users can have a password before they must set a new one. For example, if you enable Password Expiration and set Maximum Age (days) to 30, users with the security profile must change their passwords every 30 days.
- Generate Random Passwords
- Generates random short-term passwords when users reset their passwords. It enables the Random Password Life (hours) setting bar, which specifies the number of hours users have before they must change it to a password of their own. For example, if you enable Generate Random Passwords and set Random Password Life (hours) to 48 and a user resets the password, inContact emails a random password to her. The user has 48 hours to log in with that password and change it.
- Prevent Common Passwords
- Prevents users from using common passwords like 'password' or '12345'.
- Password Complexity
- Specifies the character requirements of the password. It enables the following settings bars:
- Minimum Lower Case (a-z) — Sets the minimum number of lower-case characters users with this security profile must include in their passwords. For example, if you set it to 1, users must include at least one lower-case character in every password.
- Minimum Upper Case (A-Z) — Sets the minimum number of upper-case characters users must include in their passwords. For example, if you set it to 2, users must include at least two upper-case characters in every password.
- Minimum Numeric (0-9) — Sets the minimum number of numeric characters users must include in their passwords. For example, if you set it to 1, users must include at least one number in every password.
- Minimum Non-alphanumeric (!,@,#,etc.) — Sets the minimum number of symbols users must include in their passwords. For example, if you set it to 2, users must include at least two symbols in every password.
- Minimum Length — Sets the minimum number of total characters users must include in their passwords. For example, if you set it to 9, users must include at least nine total characters in every password. The characters required in the other Password Complexity settings count towards the total character count.
- Password Policy Strength
- Indicates visually the strength of the passwords you require for this security profile. The indicator box displays a blue bar to visually indicate the strength of the password, and is it accompanied by a written indicator of the strength, which is one of Very Weak, Weak, Standard, Strong, or Very Strong.