Note: Please note that this document is a draft and still not finalized.
Info: This page describes how to configure strong password policies on App and Web.
Available Password Policies
The following password policies are supported by the current implementation for both web and mobile applications and can be configured based on the requirements of the users.
Password lifetime: 90 days
Max number of wrong login attempts: 5
Minimum length: 8 characters
Maximum length: x characters
A password can’t contain:
Member number
Name
Out of the 4 password policy requirements below, only 3 need to be fulfilled for a password to be accepted as a valid strong password.
Needs to contain: Capital letter
Needs to contain: Small letter
Needs to contain: Number
Needs to contain: Special character !, @, #, $, %, ^, &, *
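The rules above can be expressed as a single validation routine. The following is an added example, not the product's own code: the function and field names, the case-insensitive matching of name and member number, the 3-character minimum for matched fragments, and the sample maximum length of 64 (a placeholder for the unspecified "x") are all assumptions.

```python
from dataclasses import dataclass

SPECIALS = set("!@#$%^&*")  # special characters listed in the policy above


@dataclass(frozen=True)
class PasswordPolicy:
    max_length: int            # "x" in the policy: must be supplied per installation
    min_length: int = 8        # minimum length from the policy
    required_classes: int = 3  # 3 of the 4 character classes must be present
    min_token_length: int = 3  # assumption: ignore shorter name/number fragments


def character_classes(password):
    """Return the names of the character classes present in the password."""
    checks = {
        "capital": str.isupper,
        "small": str.islower,
        "number": str.isdigit,
        "special": lambda c: c in SPECIALS,
    }
    return {name for name, test in checks.items() if any(test(c) for c in password)}


def validate_password(password, member_number, name, policy):
    """Return a list of violations; an empty list means the password is accepted."""
    violations = []
    if len(password) < policy.min_length:
        violations.append("too_short")
    if len(password) > policy.max_length:
        violations.append("too_long")
    lowered = password.casefold()
    # Assumption: the name is split on whitespace and matched case-insensitively.
    if any(len(part) >= policy.min_token_length and part.casefold() in lowered
           for part in name.split()):
        violations.append("contains_name")
    number = member_number.strip()
    if len(number) >= policy.min_token_length and number.casefold() in lowered:
        violations.append("contains_member_number")
    if len(character_classes(password)) < policy.required_classes:
        violations.append("too_few_character_classes")
    return violations


# Constructed sample policy; max_length=64 is a placeholder for the page's "x".
SAMPLE_POLICY = PasswordPolicy(max_length=64)
```

Returning every violation at once, rather than stopping at the first, lets the Join Us and Reset Password screens show the user all unmet requirements in one pass.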
Setting Up Password Policies
The following settings should be enabled and configured in order to set up the password policies for a particular installation.
enablePasswordPolicies
Only if enablePasswordPolicies is TRUE can the password policies be configured to validate passwords while setting up and resetting them.
customerPasswordLifetimeValue
The customerPasswordLifetimeValue setting specifies the lifetime of a given password.
customerPasswordMinimumLength
customerMaxWrongLoginAttempts
Password Policies on Web and App
Web
Join Us Flow
When onboarding using the ‘Join Us’ flow, all the password policies will be checked when the user tries to configure a password for his user account.
Reset Password Flow
If the user has forgotten his password or the account is locked after the allowable number of login attempts, he will be directed to the following password reset screen where all the password policies are checked.
Log In Flow
While logging into the system, upon each unsuccessful attempt, the user will be notified about the remaining number of attempts and if he exceeds the total allowable number of attempts, the account will get locked and the user will be prompted to reset the password.
App
Join Us Flow
When onboarding using the ‘Join Us’ flow, all the password policies will be checked when the user tries to configure a password for his user account.
Reset Password Flow
The reset password flow is handled by a web view, where the user is directed to a URL outside the mobile app.
Log in Flow
While logging into the system, upon each unsuccessful attempt, the user will be notified about the remaining number of attempts and if he exceeds the total allowable number of attempts, the account will get locked and the user will be prompted to reset the password.
Password Lifetime on Web and App
The password lifetime specifies how long a specific password is active.
The default lifetime of a password is set to 90 days, and the user will be notified 3 days before the password expires.
If the user has exceeded the maximum number of wrong login attempts, users can contact the back office admin and can reset their passwords. Users can use the reset password flow in the app and web.