Users allows administrators to configure rules relating to password strength and expiry periods.
Passwords
To access passwords, go to:
- Content -> Pages -> Options -> Setup
- Content -> Assets -> Options -> Setup
- Setup -> Site
- System -> Configuration
Select System, and then People -> Passwords:
1. Edit/configure:
Minimum length (characters)
If required, enter a minimum number of characters for a password.
Maximum length (characters)
If required, enter a maximum number of characters for a password.
Show strength indicator
If required, check to display the minimum required password strength as a user is creating their password.
Minimum strength
If required, select a minimum strength for a user password.
Note: Password strengths are defined as follows:
| Strength | Points required |
| --- | --- |
| Very Weak | 0-9 |
| Weak | 10-15 |
| Medium | 16-30 |
| Strong | 31-40 |
| Very Strong | 40+ |
Below are the most common rules used when determining the strength of an Easysite password, along with the associated points awarded:
| Rule | Points |
| --- | --- |
| Length less than 3 | +6 |
| Length between 3 and 5 | +12 |
| Length more than 5 | +18 |
| Contains lowercase a – z | +1 |
| Contains uppercase A – Z | +5 |
| Contains a single digit (0-9) | +5 |
| Contains multiple digits (0-9) | +7 |
| Contains a punctuation character | +5 |
| Contains multiple punctuation characters | +7 |
| Contains a mixture of letters and numbers | +3 |
| Contains a mixture of letters, numbers and punctuation | +3 |
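The scoring above, carried through as an added example (this is not Easysite's own code). It applies only the rules listed on this page; the punctuation character set, treating the single and multiple rules as mutually exclusive, and counting a score of exactly 40 as Strong are assumptions, as are all function names.

```python
import string

ORDER = ["Very Weak", "Weak", "Medium", "Strong", "Very Strong"]
# Upper bound of each band from the page's table. The page lists 40 under
# both Strong (31-40) and Very Strong (40+); 40 -> Strong is an assumption.
UPPER = [9, 15, 30, 40]


def score_password(pw):
    """Return (total, [(points, rule), ...]) using only the page's rules."""
    letters = sum(c in string.ascii_letters for c in pw)
    digits = sum(c in string.digits for c in pw)
    puncts = sum(c in string.punctuation for c in pw)  # assumed character set
    hits = []
    if len(pw) < 3:
        hits.append((6, "length less than 3"))
    elif len(pw) <= 5:
        hits.append((12, "length between 3 and 5"))
    else:
        hits.append((18, "length more than 5"))
    if any(c in string.ascii_lowercase for c in pw):
        hits.append((1, "lowercase a-z"))
    if any(c in string.ascii_uppercase for c in pw):
        hits.append((5, "uppercase A-Z"))
    # Assumption: the "single" and "multiple" rules are mutually exclusive.
    if digits:
        hits.append((5, "single digit") if digits == 1 else (7, "multiple digits"))
    if puncts:
        hits.append((5, "single punctuation") if puncts == 1
                    else (7, "multiple punctuation"))
    if letters and digits:
        hits.append((3, "letters and numbers"))
    if letters and digits and puncts:
        hits.append((3, "letters, numbers and punctuation"))
    return sum(p for p, _ in hits), hits


def strength(points):
    """Map a score to the band name from the page's strength table."""
    for name, upper in zip(ORDER, UPPER):
        if points <= upper:
            return name
    return ORDER[-1]


def meets_policy(pw, min_length, max_length, min_strength):
    """Apply the minimum length, maximum length and minimum strength settings."""
    rank = ORDER.index(strength(score_password(pw)[0]))
    return min_length <= len(pw) <= max_length and rank >= ORDER.index(min_strength)
```

Under these rules the constructed sample `Password1!` reaches 40 points, so the score reflects length and character mix rather than whether a password is commonly used.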
Expiry period
Enter the required number of days before a password expires.
Expiry notification period
Enter the number of days before the expiry date that a user is notified that their password is about to expire.
Recycle history
Enter the number of changes allowed before a password may be reused.
Disable expiry for public users
If required, check to prevent passwords expiring for users who do not edit or administer the site.
Maximum attempts before deactivation
If required, enter the number of failed login attempts a user is allowed before their account is deactivated. Once an account is deactivated, an administrator must check to reactivate the account.
Enforce password change on first login
Check if required.