- Passwords
- Navigating to Member Security
- Password Expiration Time
- Invalid Login Attempts
- Unique Password Interval
Passwords
Strong passwords are required for both Admins and Constituents. Admin and Member passwords have the same strength requirements and will no longer be configurable in Security Settings.
Passwords must be at least 8 characters, and require one of each of the following:
- Uppercase letter(s)
- Lowercase letter(s)
- Number(s)
- Symbol(s)
Current Password is Required to Change Password
- Constituents will always have to enter their old password to change their password, UNLESS they are resetting their password (via the reset password link on the login page)
- Admins will NOT have to enter the old password when they are changing the password for another user.
- Admins will need to enter their old password when updating their own password (unless via reset).
Navigating to Member Security
1. Select the Key dropdown menu and choose Security Settings.
2. You will be placed on the Admin Settings tab by default.
3. Make changes as needed. Click Save to save your changes.
Password Expiration Time
The Password Expiration Time sets the time frame that an admin's password is valid. The options are:
- 1 month
- 2 months
- 3 months (Default)
Invalid Login Attempts
Invalid Login Attempts sets how many times an admin can log in unsuccessfully before their account is locked. The options are:
- Never lock an Admin out because of invalid attempts
- 3 Invalid Attempts
- 5 Invalid Attempts
- 10 Invalid Attempts (Default)
- 20 Invalid Attempts
Unique Password Interval
The Unique Password Interval feature enhances site security by forcing users to choose a unique password over a specific time span. The options are:
- At Least 5 (Default)
- At Least 10
- At Least 20
For example, if At Least 5 is selected, that means that an admin must choose five unique passwords before repeating a password that they previously used.