Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Please note that this document is a draft and still not finalized.

Info

This page describes how to configure strong password policies on App and Web

Table of Contents
minLevel1
maxLevel7

Available Password Policies

The following password policies are supported by the current implementation for both web and mobile applications and can be configured based on the requirements of the users.

  • Password lifetime: 90 days

  • Max number of wrong login attempts: 5

  • Minimum length: 8 characters

  • Maximum length: x characters

  • A password can’t contain:

    • Member number

    • Name

  • Out of the 4 password policy requirements below, only 3 of them needs to be fulfilled for a password to be accepted as a valid strong password.

    • Needs to contain: Capital letter

    • Needs to contain: Small letter

    • Needs to contain: Number

    • Needs to contain: Special character !, @, #, $, %, ^, &,  *

Setting-up Password Policies

The following settings should be enabled and configured in order to set up the password policies for a particular installation.

enablePasswordPolicies

Only if enablePasswordPolicies is TRUE , the password policies can be configured to validate passwords while setting up and resetting them.

customerPasswordLifetimeValue

The customerPasswordLifetimeValue is the setting that can be used to specify the life time of a given password.

customerPasswordMinimumLength

customerMaxWrongLoginAttempts

Password Policies on Web and App

Web

Join Us Flow

When onboarding using the ‘Join Us’ flow, all the password policies will be checked when the user tries to configure a password for his user account.

Reset Password Flow

If the user has forgotten his password or the account is locked after the allowable number of logging-attempts, he will be directed to the following password reset screen where all the password policies are checked.

Log In

Screen
Image Removed

Image Removed

Flow

While logging into the system, upon each unsuccessful attempt, the user will be notified about the remaining number of attempts and if he exceeds the total allowable number of attempts, the account will get locked and the user will be prompted to reset the password.

Image Added

Image Added

App

Join Us Flow

When onboarding using the ‘Join Us’ flow, all the password policies will be checked when the user tries to configure a password for his user account.

Image Added

Image Added

Reset Password Flow

The reset password flow is handled by a web view, where the user will get directed to a URL out of the mobile app.

Log in Flow

While logging into the system, upon each unsuccessful attempt, the user will be notified about the remaining number of attempts and if he exceeds the total allowable number of attempts, the account will get locked and the user will be prompted to reset the password.

Image Added

Image Added

Password Lifetime on Web and App

The password lifetime suggests for how long a specific password is active.

The default lifetime of a password is set to 90 days about which the user will be notified 3 days before the password expiration.

Image Added

If the user has exceeded the max no of wrong login attempts users can contact back office admin and can reset their passwords Users can use reset password flow in the app and web.

Image RemovedImage Added