You can configure a Workbench user's password to expire after a specified number of days, and a user's account to be locked after the user has made a specified number of attempts to log in to Workbench with invalid credentials.
You enable both password expiry and account locking by specifying
appropriate values (a number of days and a number of attempts to log in,
respectively) for properties of the
webstudio.properties
file. For information about
webstudio.properties
, refer to
Password security requirements for Workbench users.
Password Expiry
If password expiry is enabled and a user attempts to log in with a formerly valid but now expired password, a dialog appears in which the user must change the password in order to use Workbench. The user cannot log in to Workbench without specifying a new password.
The change password screen does not appear, however, when a user attempts to log in with a password that has never been valid.
Account Locking
If account locking is enabled and a user attempts to log in with invalid credentials more than the maximum number of times allowed, the user's account will be locked. The number of invalid attempts to log in is displayed.
When a user's account is locked, the user cannot log in, even with valid credentials, until a Workbench administrator unlocks the user's account. When the user's account is unlocked, the number of invalid attempts to log in is reset to zero, and the user can now log in with valid credentials. The Workbench administrator can, but need not, reset the user's password when unlocking the user's account.
Only a Workbench administrator can unlock the user's account.