Configure the password policy

This section describes the password management features included as part of Commerce.

Password management is an important part of administering any site that includes personal information.

Configure strong passwords

Strong password checking lets you define criteria for new passwords; for example, you can specify that new passwords cannot be duplicates of old ones or contain the same characters as login names.

To configure strong passwords, follow these steps:

  1. Click the Settings icon, then Shopper Settings.
  2. Select one or more strong password settings.
    • If you select Minimum Password Length, enter a number that specifies the minimum number of characters.
    • If you select Must Include a Symbol Character, enter, or add to, a list of symbols.
    • If you select Cannot Be A Previous Password, enter a number that specifies how many of the most recent passwords cannot be reused.
    • If you select Expire Password, enter a number that specifies the number of days until a new password expires.
  3. Click Save.

Force all passwords to expire

In some cases, you may want to force the passwords of all registered users to expire at the same time. Registered shoppers will have to reset their passwords the next time they log in.

To force all passwords to expire, follow these steps:

  1. Click the menu icon, then select Settings.
  2. Select Shopper Settings from the Settings list.
  3. Click the Expire All Passwords button.
  4. Confirm that you want to force all passwords to expire immediately.

Understand how forgotten passwords are handled

Registered shoppers who cannot remember their passwords can use the Forgotten Password feature in the storefront to set a new password. The process works as follows:

  1. The shopper clicks the Forgotten Password link in the login screen and enters his or her email address.

    The system validates that the email address matches an existing shopper profile. If no match is found, the system does nothing, and the shopper does not receive an email.

  2. The shopper clicks the Send Request button. The system sends a one-time use link to their email address.
  3. Once the shopper receives the link and opens it, they are prompted to create and confirm their new password.
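
The flow above, sketched as an added example (illustrative code, not part of Commerce): an unknown address sends nothing, and a link can be redeemed only once. The `ResetService` class, the `store.example` host, the one-hour link lifetime, the identical on-screen reply, and the hashing of stored tokens and passwords are all assumptions that the page does not state.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumption: the page does not state how long a link stays valid

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class ResetService:
    def __init__(self, emails):
        self.profiles = {e.lower(): None for e in emails}  # email -> (salt, hash)
        self.pending = {}   # sha256(token) -> (email, expires_at)
        self.outbox = []    # (email, link); stands in for the mail system

    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()
        if email in self.profiles:
            token = secrets.token_urlsafe(32)
            # Only the digest is stored, so a leaked table holds no usable links.
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (email, now + TOKEN_TTL)
            # store.example is a placeholder host
            self.outbox.append((email, "https://store.example/reset?token=" + token))
        # No match: do nothing and send nothing. The reply is identical
        # either way, so the form does not reveal which addresses exist.
        return "If the address is registered, a reset link has been sent."

    def redeem(self, token, new_password, confirm, now=None):
        now = time.time() if now is None else now
        if new_password != confirm:
            return False  # confirmation mismatch; the link is not consumed
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the link one-time use
        if entry is None or now > entry[1]:
            return False
        salt = secrets.token_bytes(16)
        self.profiles[entry[0]] = (salt, hash_password(new_password, salt))
        return True
```
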