Phocas authentication - This is the default, with users and passwords stored in the Phocas system. If your site uses Phocas authentication you can set a site-wide password policy.
Administrators with permission can set password policies, such as automatic expiry, length, character requirements and so on.
In the Phocas menu, click Administration > Configuration and scroll down to the Password Policy section.
Set your required password policy:
Automatic Expiry - The number of days for which a user’s password will remain valid before it expires, forcing the use to reset their password when they next attempt to log on. An administrator can also reset passwords.
Failed Login Attempts - If this is left blank or set to 0, there will be no limit of the number of times a user can attempt to login. See how to unlock a user's account. Note. LDAP accounts are not subject to lockout.
Minimum Length - The minimum length of a password.
Minimum Number of… - The minimum number of upper case letters, numeric characters and/or special characters that users must have in their passwords.
Disable ‘Remember Me’ on sign in page - Select this checkbox to remove the Remember Me option from the sign in page.
Prevent users from changing password - Select this checkbox to prevent users from changing their own password. If checked, non-administrators will not be able to change their password.
More about user passwords
Other tools and settings are available to help you manage user passwords; see the Manage user passwords page.