To set certain restrictions for passwords of system's users, you need to go from the "Management" module to the "Security / Authorization" section, tab "Security".
The settings can be conditionally divided into two parts:
1. Validity period, is checked only when user logged into the system through the form on the main page;
2. Password complexity validator, verification is performed while:
- registration (system public page);
- in the form of editing;
- in the user profile;
- login form;
- when user reset password;
Automatic generation of default passwords includes following:
- Special symbols;
- the minimum length is 12 characters;
Password generation occurs according to the current system policy.
Added a form of forced password change, it works only in case of authorization through the login form on the system.
When a user is authorized through the form on the main page and the created password policy is violated, the system automatically switches to the form with a request to change the password. For example, after setted password requirements, if you check the box "Check password policy during authentication"*, the user will not be able to enter the system until he changes his password.
If you change the password for a user and he is in the system at the same time, then an automatic logout will occur within 10 minutes, including when the "remember me" setting is enabled. Pay attention to this point, if it is necessary to change the password for employees, during working hours.
The only exception is if the user of the system changes the password on his own, through a profile or a contact card.
*The setting "Check password policy during authentication" is disabled by default. When enabled, the password of each user is checked against the specified policy settings at logon. Without putting the setting on, you can keep the old user's passwords unchanged, but at the same time for new ones, including editing, the established rules will be checked.