Please note that this document is a draft and still not finalized.
This page describes how to configure strong password policies on App and Web
Available Password Policies
The following password policies are supported by the current implementation for both web and mobile applications and can be configured based on the requirements of the users.
Password lifetime: 90 days
Max number of wrong login attempts: 5
Minimum length: 8 characters
Maximum length: x characters
A password can’t contain:
Member number
Name
Out of the 4 password policy requirements below, only 3 of them needs to be fulfilled for a password to be accepted as a valid strong password.
Needs to contain: Capital letter
Needs to contain: Small letter
Needs to contain: Number
Needs to contain: Special character !, @, #, $, %, ^, &, *
Setting-up Password Policies
The following settings should be enabled and configured in order to set up the password policies for a particular installation.
enablePasswordPolicies
customerPasswordLifetimeValue
customerPasswordMinimumLength
customerMaxWrongLoginAttempts
Password Lifetime
The password lifetime suggests for how long a specific password is active.
The default lifetime of a password is set to 90 days about which the user will be notified 3 days before the password expiration.
If the user has exceeded the max no of wrong login attempts users can contact back office admin and can reset their passwords Users can use reset password flow in the app and web.