Set your Phocas site's password policy
Password authentication in Phocas
Phocas authentication - This is the default, with users and passwords stored in the Phocas system. If your site uses Phocas authentication you can set a site-wide password policy.
LDAP/Active Directory - LDAP (Lightweight Directory Access Protocol) authentication can be configured during installation. User passwords take on AD protocols and administrators will not see any Password policy options.
Administrators with permission can set password policies, such as automatic expiry, length, character requirements and so on.
In the Phocas menu, click Administration > Configuration and scroll down to the Password Policy section.
Set your required password policy:
Automatic Expiry - The number of days for which a user’s password will remain valid before it expires, forcing the use to reset their password when they next attempt to log on. An administrator can also reset passwords.
Failed Login Attempts - If this is left blank or set to 0, there will be no limit of the number of times a user can attempt to login. See how to unlock a user's account. Note. LDAP accounts are not subject to lockout.
Minimum Length - The minimum length of a password.
Minimum Number of… - The minimum number of upper case letters, numeric characters and/or special characters that users must have in their passwords.
Disable ‘Remember Me’ on sign in page - Select this checkbox to remove the Remember Me option from the sign in page.
Prevent users from changing password - Select this checkbox to prevent users from changing their own password. If checked, non-administrators will not be able to change their password.
More about user passwords
Other tools and settings are available to help you manage user passwords; see the Manage user passwords page.