1. Using B2C Service
  2. Configure Staff-Member Passwords

Configure Staff-Member Passwords

You can enhance your staff members’ password security by specifying options that can prevent repeated invalid login attempts, set password length and character requirements, and expiration details.

Note: You must configure staff member passwords before adding staff accounts.

Password configuration is an important part of security for your organization and for your application. To learn about the tools you can use for password security, see Password Protection. Also see How You Recover Forgotten Passwords and How You Secure Customer Passwords.

  1. Click Configuration on the navigation pane.
  2. Expand Staff Management, and then double-click Password Configuration.
    The Password Configuration editor opens on the content pane.
  3. Enter field information.

    Password Configuration

    Field Description

    Login Requirements

    This section contains the option to establish a limit on invalid login attempts.

    Number of Invalid Logins

    Drag the slider to the number of failed login attempts you want to allow before the system locks out the account. Alternately, enter the number you want in the field to the right of the slider. A value of 0 disables this function. The default value is 5.

    Only administrators possessing the Groups/Accounts/Distribution Lists profile permission can unlock a staff account. After a successful login, the invalid login count is reset to 0.

    Password Expiration

    This section contains options to customize time periods that affect password expiration.

    If the Password Expires check box is cleared for a particular staff account, it overrides any password expirations defined in the password configuration settings.

    Expiration Interval

    Drag the slider to the number of days that passwords stay in effect. Alternately, enter the number you want in the field to the right of the slider. After adding a staff account or updating the account password from the Staff Accounts editor or the Change Password window, the expiration date value is reset. A value of 0 turns password expiration off. The default value is 90.

    Grace Period

    Drag the slider to the number of days after the password expires in which staff members can enter a new password and still be allowed to log in. Alternately, enter the number you want in the field to the right of the slider. After the grace period ends, staff members’ accounts are locked, and you must reset the expiration date or the password. The default value is 14.

    Warning Period

    Drag the slider to the number of days before the password expires in which staff members will be alerted to the approaching expiration date. Alternately, enter the number you want in the field to the right of the slider. During the warning period, staff members can log in normally and are notified of the number of days until the current password expires. The default value is 7.

    Password Requirements

    This section contains options to customize the format of staff account passwords and limit their reuse.

    Password Length

    Drag the slider to the minimum number of characters required for a staff account password. Alternately, enter the number you want in the field to the right of the slider. The default value is 8.

    Password length cannot exceed 20 characters.

    Character Repetitions

    Drag the slider to the maximum number of consecutive repeated characters permitted in a password. Alternately, enter the number you want in the field to the right of the slider. For example, if Character Repetitions is set to 2, then a password such as 11011011 would be allowed, but 1110000 would not be allowed. The default value is 2.

    Character Occurrences

    Drag the slider to the maximum number of times a character can be used in a password. Alternately, enter the number you want in the field to the right of the slider. For example, if Character Occurrences is set to 2, then a password such as 10123456 would be allowed, but 10101234 would not be allowed. The default value is 2.

    Lowercase Characters

    Drag the slider to the minimum number of lowercase characters required in a password. Alternately, enter the number you want in the field to the right of the slider. The default value is 1.

    Uppercase Characters

    Drag the slider to the minimum number of uppercase characters required in a password. Alternately, enter the number you want in the field to the right of the slider. The default value is 1.

    Special Characters

    Drag the slider to the minimum number of special characters required in a password. Alternately, enter the number you want in the field to the right of the slider. The default value is 1.

    Numbers and Special Characters

    Drag the slider to the minimum number of special characters, including numbers, required in a password. Alternately, enter the number you want in the field to the right of the slider. The default value is 1.

    Number of Previous Passwords

    Drag the slider to the number of passwords that will be stored in memory for each staff account. Alternately, enter the number you want in the field to the right of the slider. Staff members cannot use any of the currently stored passwords when changing passwords. The default value is 10.
  4. Click Save.