- Current Password is Required to Change Password
- Navigating to Member Security
- Password Expiration Time
- Invalid Login Attempts
- Unique Password Interval
Strong passwords are required for both Admins and Constituents. Admin and Member passwords have the same strength requirements and will no longer be configurable in Security Settings.
Passwords must be at least 8 characters, and require one of each of the following:
- Uppercase letter(s)
- Lowercase letter(s)
Current Password is Required to Change Password
- Constituents will always have to enter their old password to change their password, UNLESS they are resetting their password (via the reset password link on the login page)
- Admins will NOT have to enter the old password when they are changing the password for another user.
- Admins will need to enter their old password when updating their own password (unless via reset).
Navigating to Member Security
1. Select the Key dropdown menu and choose Security Settings.
2. Click the Member Security tab.
3. Make changes as needed. Click Save to save your changes.
Password Expiration Time
Password Expiration Time sets the time frame that a member’s password is valid. When the time expires, the member must change their password. The options are:
- Never (Default)
- Every Month
- Every 2 Months
- Every 3 Months
- Every 3 months
- Every Year
Invalid Login Attempts
Invalid Login Attempts sets how many times a member can log in unsuccessfully before their account is locked. The options are:
- Never lock a Member out because of Invalid Attempts (Default)
- 3 Invalid Attempts
- 5 Invalid Attempts
- 10 Invalid Attempts
- 20 Invalid Attempts
- 50 Invalid Attempts
Unique Password Interval
The Unique Password Interval feature enhances site security by forcing users to choose a unique password over a specific time span. The options are:
- At Least 1
- At Least 3 (Default)
- At Least 5
- At Least 10
- At Least 20
For example, if At Least 3 is selected, that means that a user must choose three unique passwords before repeating a password that they previously used.