- Access & Permission
- Password Strength Settings
- Password Longevity Settings
- Additional Security Options
- Resetting a Password
Access & Permission
Password Strength Settings
Require both upper and lower case letters in password: This setting determines if permanent passwords must have at least one upper and one lower case letter to be an acceptable permanent password. The default status for this setting is "enabled", meaning that it is required. To disable the requirement for upper and lower case letters in the password, uncheck the "Enable" box to the right of this setting to remove the check mark. Click "Update" to preserve your changes.
Require at least one number in password: This setting, when enabled, requires users to select at least one number as part of the permanent password. The default status for this setting is "enabled". To disable the requirement for at least one number to appear in a password, uncheck the "Enable" box next to the right of this setting to remove the check mark. Click "Update" to preserve your changes.
Require at least one symbol in password: This setting, when enabled, requires users to select at least on symbol as part of the permanent password. The default status for this setting is "enabled". To disable the requirement for at least one symbol to appear in a password, uncheck the "Enable" box next to the right of this setting to remove the check mark. Click "Update" to preserve your changes.
Password Longevity Settings
Number of days temporary passwords are valid: The numerical value entered in this field represents the number of days for which a temporary password will remain valid for new users or users resetting their passwords. The default setting for this field is one day. To change the number of days for which a temporary password is valid, enter the desired numerical value in the field and click "Update" to preserve your changes.
Important Note: This setting affects the number of days that a new external recommender or reviewer's password is valid.
Number of days permanent passwords are valid: The numerical value entered in this field represents the number of days for which a permanent password will remain valid for system users. The default setting for this field contains no value (i.e. "blank"), which means there is no expiration set for permanent passwords. To change the number of days for which a permanent password is valid, enter the desired numerical value in the field and click "Update" to preserve your changes.
Additional Security Options
User/IP address blocking due to multiple failed login attempts: This section of Password Management contains three configurable fields which collectively dictate the action that is taken when the following conditions are met: When X number of failed login attempts within X number of minutes are made to the site, then block the associated User/IP address for X number of minutes.
The setting for this User/IP address blocking is "disabled" by default. To enable this setting, check the box next to "Enable" and click "Update" to preserve your changes.
Should it be desired to enable this functionality, the recommended settings for these fields are 5 failed login attempts within 2 minutes will block the User/IP address for 5 minutes. These settings can be adjusted by entering numeric values in each field and clicking "Update" to preserve your changes.
Important Note: Many offices and computer labs use a single wireless access point or router for multiple computers. If an IP address is blocked using this security option, then the IP address of that specific wireless access point is blocked. Thus, if you have staff members using the same wireless router and one person triggers the IP blocking, then all staff using that wireless router will be blocked from logging in for the configured number of minutes.