Changes

'''Password Policy''' is used Policies include the ability to configure control; the length and complexity of passwords, password expiration and frequency usage, the method for sending new requested passwords, word restrictions, the Password Policies within SmartSimple with your organizational policies. It is best practice to ensure that these policies match number of retries allowed, the lockout time for the account if they exceed the other systems that are deployed by your organization. Consequently these policies provide number of retries, email alerts for extensive configuration optionsinvalid passwords.

Password Policies include the ability to control; the length and complexity of passwords, '''Multiple password expiration and frequency usage, policies''' can be supported by the method system. This feature provides for sending new requested passwords, word restrictions, the number less stringent policies for types of retries allowed, users that infrequently access the lockout time system such as external contacts. Alternative password policies can be set for any level in the account if they exceed the number of retries, email alerts for invalid passwordsorganizational hierarchy.

'''Multiple password policies''' There can also be supported by individual Password policies for the systemdifferent a company in your organizations hierarchy. This feature provides for less stringent policies for types of users that infrequently access However, they will only be able to edit the policy and not the system such as external contactsActivation Emails. Alternative password policies These emails can only be set for any level in the organizational hierarchyconfigured from [[Global Settings|Global settings]].

[[image'''Persistent Login''' provides for the use use of a persistent secure cookie on the users computer to eliminate the need to use a username and password to log into the system. '''This feature will be deprecated in the July 2016 upgrade.''''''Disable Inactive Accounts''' provides the ability to automatically disable a user account after a predetermined period of time. A password reset is required by the user to regain access to the system. The main options are:password001.png|border]]

'''Persistent Login''' provides for the use use of a persistent secure cookie on the users computer to eliminate the need to use a username and password to log into the system. '''This feature will be deprecated in the July 2016 upgrade.''''''Disable Inactive Accounts''' provides the ability to automatically disable a user account after a predetermined period of time. A password reset is required by the user to regain access to the system. The main options are: * '''Disable user accounts after ''[X]'' days''' - The number of days a user account is inactive before it is disabled. Leave this field blank to disable this feature.

'''Data Restrictions''' - passwords set by users can be restricted so values such as first name, last name or organization name cannot be used in the password. Any number of fields can be selected from both the organization or the user profile; standard and custom fields are supported.

'''Complexity''' – the level of complexity required in the [[Password|password]], the options are:* '''No Restriction''' – any character can be used. This is the default.

 * The '''Compose Custom Password Policy''' table provides the ability to define the custom password policy that matches your organization's security standards and provides control of each character type desired (upper case, lower case, numeric and/or symbols). You can also specify the minimum number of characters required for that character type.

* The '''Validate Pattern''' button will open a window where you can test various passwords against the policy to see if they will pass or fail.

 <pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">&lt;!--@sslogic('@langid@'='2')-->&lt;br>@system.Password Policy - French@&lt;!--@else-->&lt;br>@system.Password Policy@&lt;!--@end--></pre>

[[image:password003* '''Force Password Change''' - Appears with button marked '''Expire All Passwords Now'''. Ensures that all users will be forced to rest their password when they next log in.png|border]]

* '''Default Security Code''' - A hard-coded value to be entered when users request new passwords.

* '''Activation link life span''' - Works with the @activationlink@ [[Password Variables to Set or Reset User Passwords|password variable]]. If the '''<nowiki>httphttps://@url@@activationlink@</nowiki>''' syntax is used in the ''Request Password'' section of [[User Email Templates]], this setting sets the duration that the activation link will be valid.

:[[Image:Challenge-question.png|link=]] :'''Note:''' An example of a good challenge question would be something that is simple, memorable, can't be guessed easily, and won't change over time. 

* '''Lockout Duration''' – the duration of the account lockout. The [[User|user]] will not be able to log in during this period. Period can be set to 5 minutes, 15 minutes, 30 minutes, 1 hour, 3 hours, 12 hours, 24 hours or forever (until unlocked by [[Administrator|administrator]]).

* '''Lockout Message''' - a custom message to display to users when a user is locked out due to too many failed login attempts. This message will only display when a user has been locked out, and attempts to log in again with the correct password. Therefore, no information will be divulged to users that fail their login.

* The '''View Locked Users''' tab will display all [[User|users]] that have had their account locked. <br>

 These settings define who should be informed by email if an intruder alert is detected. A default emial template is used and contains the following values:

* '''Email From''' – the “from” address for the email. If you do not set this value, the address: '''donotreply@smartsimple.com''' will be used.

If there are no password policies defined for a company, then the system will look at the companies above it in the hierarchy, and if one of these parent companies have a password policy set then it will use these settings. <br/><br/>

This option is only available from the Password Policy on the [[CategoryImage:Global SettingsViewLockedUsers.png|Global settings1000px]]. It cannot be accessed for the individual Password policies for the different companies in your organizations hierarchy.

The '''View Locked Users''' tab will display all [[Image:ViewLockedUsers.pngUser|1000pxusers]]that have had their account locked.

* When an account has been locked for exceeding the alloted number of attempts, after the lockout time has passed they are permitted only one attempt at the correct password. A single incorrect password at this point will re-lock the account for the configured lockout duration. In other words, once someone is on the "locked user" list they are only permitted a single wrong attempt and they will be locked for the lockout duration again. This prevent would-be intruders from having multiple attempts to guess the password each time the lockout duration has passed.

 This option is only available from the Password Policy on the [[Category:Global Settings|Global settings]]. It can not be accessed for the individual Password policies for the different companies in your organizations hierarchy.

* The '''View Expired Users''' tab will display all [[User|users]] that had their accounts disabled due to [[Password_Policy#Section_1:_Persistent_Login_and_Expiration_of_Inactive_Accounts|inactivity]]. There will be page navigation options if there is an overly long list.