How do the "Strong Password Rules" & 'Expire Email Invitation' work?


Question:

How does the "Strong Password Rules" work?

 

Answer:

  • Strong Password rules is a new feature we're excited about as it puts further control over the security of your Brightidea system
  • To enable this feature, please contact your Brightidea representative.
  • Once enabled in your Brightidea system, you can find this beta feature in WebStorm or Enterprise Setup --> Site --> Security
  • The administrator has the option of the following:
    • Please note that all passwords, regardless of any rules, must be at least 6 characters and 1 number
    • Customizable maximum validity days
    • Complexity: must contain at least 3 of each (mixed case, number, and extended character)
    • Account lockout upon entry of 10 invalid login attempts must be in place & remain locked for sixty minutes before the account is enabled again
    • Not allow passwords containing single words found in a dictionary as well as the users name, User ID, or email address
    • If you select a number of requirements - please make sure that exact number of choices is selected.  
      • The feature is designed to only pull the number of requirements set and chosen.
    • Existing user accounts in a WebStorm will need to adhere to any new strong password rules placed - they are not exempt. 
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Simplez

    Can you please confirm that this Strong Password rule is still valid? I've tried to configure a 4 digits minimum but doesn't work.

  • Avatar
    Anthony Madama

    Hello - yes this is still valid...Please note that all passwords, regardless of any rules, must be at least 6 characters  - apologies for the confusion.

    Best,

    Anthony

  • Avatar
    Roc Chen

    Good morning. I don't know why I couldn't see these detailed rules options on my admin page, and I'm wondering where I can find an entire instruction of the password rule, such as which characters can not be used in passwords.

    Thank you
    Roc

  • Avatar
    Daniel

    Hi Roc,

    This is a beta feature—let us know if you'd like it enabled on your site.

    Note that users whose passwords do not meet any new requirements will need to do a password reset. See above for additional information.

    Best,
    Daniel He
    Brightidea Support