[Skip to content]

Search our Site
Easysite Resource Centre


Users allows administrators to configure rules relating to password strength and expiry periods.


To access passwords to go to:    

  • Content -> Pages -> Options -> Setup   
  • Content -> Assets -> Options -> Setup   
  • Setup -> Site    
  • System -> Configuration

Select System, and then People -> Passwords:

Password configuration

1. Edit/configure:

Minimum length (characters)

If required, enter a minimum number of characters for a password.

Maximum length (characters)

If required, enter a maximum number of characters for a password.

Show strength indicator

If required check to display the minimum required password strength as a user is creating their password.

Minimum strength

If required, select a minimum strength for a user password.

Note: Password strengths are defined as follows:


Points required

Very Weak








Very Strong


Below are the most common rules used when determining the strength of an Easysite password, along with the associated points awarded:



Length less than 3


Length between 3 and 5


Length more than 5


Contains lowercase a – z


Contains uppercase A – Z


Contains a single digit (0-9)


Contains multiple digits (0-9)


Contains Punctuation character


Contains multiple punctuation characters


Contains a mixture of letters and numbers


Contains Mixture of letters, numbers and punctuation


Expiry period

Enter the required number of days before a password expires.

Expiry notification period

Enter the number of days before the expiry date that a user is notified that their password is about to expire.

Recycle history

Enter the number of changes allowed before a password may be reused.

Disable expiry for public users

If required, check to prevent passwords expiring for users who do not edit or administer the site.

Maximum attempts before deactivation

if required, enter the number of failed login attempts a user is allowed before their account in deactivated. Once an account is deactivated, an administrator must check to reactivate the account.

Enforce password change on first login

Check if required.