Our password security settings allow Admin Users to determine the precise level of security necessary to protect User Accounts. To configure your security settings, go to Settings > Security, Privacy & Compliance > Security.
Select and configure the following password settings for Users:
- Minimum/Maximum length and age: Specify a minimum and/or maximum password length and age
- Enforce password history: You can choose to prevent Users from using a specific number of their previous passwords.
- Require complex passwords: Choosing this option requires all users' passwords to contain at least one number, one uppercase, and one lowercase character.
- Enable secret question: Users will have to provide the answer to a secret question when setting up their account. This is used during password reset to prevent others from compromising your account.
Security - Password Settings
Email Activation Link Settings
Specify the number of days the activation link is active in password reset and new account invitation emails.
- Password Reset Expiration: Specify the number of days the password reset link is active after a User's password has been reset. Learn more about this topic here.
- New Account Invitation Expiration: Specify the number of days the account activation link is active after a new account invitation has been sent.
Expiration Settings -Password Reset /Account Invitation
Account Lockout Settings:
Choose the amount of invalid login attempts a User is allowed before they are locked out of the portal and the amount of time they will remain locked out.
- Account Lockout Threshold: Users will be locked out of their account after a specific number of invalid login attempts.
- Account Lockout Timeout: Users will remain locked out of their accounts (due to invalid login attempts) for a specific amount time before they can try logging in again.