Passwords

The Passwords tab of Security & Permissions grants admin users more control over security by setting password parameters. These parameters enforce password requirements that users must follow when creating their passwords.

A password can have up to seven different parameters required for each user. The admin can choose which user role each requirement applies to by primary role. For example, while an admin might set only a few parameters for lower-level primary roles, they might create stricter parameters for higher-level primary roles to protect the sensitive data that these accounts have access to. This allows the password policy to be customized for every type of user.

Security

The following permissions are associated with the Password tab of Security & Permissions.

• Administration

  • Password Policy

    • View Password Policy

    • Edit Password Policy

Navigation

In the top ribbon menu, hover over Administration and select Users & Security.

From the Users & Security sub-menu, select Security & Permissions.
The Security & Permissions page opens in a new tab.

Select the Passwords tab to view and configure password parameters.

The Settings sub-tab of the User Roles tab displays existing password parameters by user role. For more information, see User Roles tab.

Password Parameters

1. Minimum character limit - If on, passwords must contain a minimum number of characters.

2. At least 1 uppercase letter - If on, passwords must contain a minimum of one uppercase letter.

3. At least 1 lowercase letter - If on, passwords must contain a minimum of one lowercase letter.

4. At least 1 number - If on, passwords must contain a minimum of one number.

5. At least 1 special character - If on, passwords must contain a minimum of one special character.

6. Force periodic password reset - If on, users are required to change their password after the specified number of days.

7. Blacklist certain words - If on, certain words and/or numbers cannot being used as part of a password. If on, the following fields appear:

   • Blacklist all usernames - The user's username cannot be used as part of their password. However, this does not block a user from using another user's username in a password.

   • Enter blacklisted words - Any words or numbers entered in this section cannot be used as part of a password. Entries must contain a minimum of three characters.

     • To add a blacklisted word, enter the desired combination of letters and/or numbers and then select the Add icon.

   • Blacklisted Word table - List of all blacklisted words.

     • To delete a blacklisted word, select the Delete iconnext to the entry.

8. Apply Standard Policy - When selected, this button applies a standard password policy. All parameters, except pre-existing blacklisted words, are updated and can be adjusted if desired.

   

Setting Parameters for Different User Roles

For each password parameter that is toggled on, a drop-down appears, allowing the user to select which roles the setting applies to. After configuring parameters and the users to which each applies, be sure to save the updated settings.

If unsure which parameters have been set for certain users, previously configured parameters can be viewed on the Settings sub-tab of the User Roles tab.

User Password Creation

When users create their password, a list of all the required parameters appear below the New Password field. As characters are typed in, the list shows when each requirement is met. The user will not be able to save their new password until all required parameters are met.

Updating Requirements

Admins can update the password parameters at any time. Whenever an update is made, a confirmation message appears to confirm the updates. If the parameters have been updated, a Change Password prompt appears for all affected users whose password does not meet the new requirements. Users will be required to change their password to meet the new requirements. User’s whose passwords already meet the new requirements will not be prompted to change their password.