Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Please note that this document is a draft and still not finalized.

This page describes how to configure strong password policies on App and Web

Available Password Policies

The following password policies are supported by the current implementation for both web and mobile applications and can be configured based on the requirements of the users.

  • Password lifetime: 90 days

  • Max number of wrong login attempts: 5

  • Minimum length: 8 characters

  • Maximum length: x characters

  • A password can’t contain:

    • Member number

    • Name

  • Out of the 4 password policy requirements below, only 3 of them needs to be fulfilled for a password to be accepted as a valid strong password.

    • Needs to contain: Capital letter

    • Needs to contain: Small letter

    • Needs to contain: Number

    • Needs to contain: Special character !, @, #, $, %, ^, &,  *

Setting-up Password Policies

The following settings should be enabled and configured in order to set up the password policies for a particular installation.

enablePasswordPolicies

customerPasswordLifetimeValue

customerPasswordMinimumLength

customerMaxWrongLoginAttempts

Password Lifetime

The password lifetime suggests for how long a specific password is active.

The default lifetime of a password is set to 90 days about which the user will be notified 3 days before the password expiration.

If the user has exceeded the max no of wrong login attempts users can contact back office admin and can reset their passwords Users can use reset password flow in the app and web.

  • No labels