To set password policies such as automatic expiry, length, character requirements etc, select Administration > Configuration.
Go to the Password policy section of the screen.
Password authentication in Phocas
Phocas authentication
This is the default, with users and passwords stored in the Phocas system. If your site uses Phocas authentication you can set a site-wide password policy.
LDAP/Active Directory
LDAP (Lightweight Directory Access Protocol) authentication can be configured during installation. User passwords take on AD protocols and administrators will not see any Password policy options.
Password policy options
| Option | Purpose |
|---|---|
Automatic Expiry | The number of days for which a user’s password will remain valid before it expires. After expiry, a user will need to reset his or her password. This will be forced when the user attempts to log on. An administrator can also reset passwords. |
Minimum Length | Determines the minimum length in characters of a password. |
Failed Login Attempts | Determines the number of allowed failed login attempts before a user is locked out of their account. If this is left blank or set to 0, there will be no limit of the number of times a user can attempt to login. See how to unlock a user's account. Note. LDAP accounts are not subject to lockout. |
Minimum Number of Upper Case Letters | Determines the minimum number of upper case characters a password must contain. |
Minimum Number of Numbers | Determines the minimum number of numeric characters a password must contain. |
Minimum Number of Special Characters | Determines the minimum number of non alpha-numeric ASCII characters a password must contain. |
Prevent Users From Changing Password | If checked, prevents non-administrators from changing their passwords. |
More about user passwords
Other tools and settings are available to help administrators manage user passwords. These are covered on the Manage user passwords page.