Forgot Password Policy

Forgot password policy options must be set for each of the three Career Section types.

  • Configuration > [Career Section] Administration > Internal Career Sections

  • Configuration > [Career Section] Administration > External Career Sections

  • Configuration > [Career Section] Administration > Agency Portals

Forgot Password policy options can only be set globally for a Career Section type.

Forgot Password Policy Options

  • Use this method to change passwords

  • Number of incorrect attempts allowed per user to enter the email address

  • Lock a user’s account when the number of incorrect attempts allowed to enter the email address is exceeded

  • Require X security questions

  • Require answers that contain at least X characters (X must be greater than 0)

  • Number of attempts allowed per user to answer the security question

  • Lock a user’s account when the number of attempts allowed to answer the security question is exceeded

  • Mask the security answer values

Details regarding the “Use this method to change passwords” setting

The change password procedure offers six authentication options, described in the table below.

Note: Oracle recommends using the Security Questions and Access Code method as it is the most secure method for the Forgot Password feature.

Options for the “Use this method to change passwords” Setting

Option | Description
Access Code | An email containing an access code is sent to the user once the user has confirmed his/her email address.
Security Questions | The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct, the user is invited to enter a new password.
Security Questions and Access Code | The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct, an email containing an access code is sent to the user once the user has confirmed his/her email address.
Security Questions or Access Code | The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct and the user has an email address, an access code is sent to the user once the user has confirmed his/her email address. If the user does not have an email address and the answer to the security question is correct, access is granted to the application and the user is invited to change his/her password.
Security Questions and/or Access Code | When this option is activated, one of the following situations will occur. See the Security Questions and/or Access Code table.
Contact System Administrator | The user is asked to contact the system administrator. Only the system administrator can then generate a new password and communicate it to the user.

Details Regarding the “Security Questions and/or Access Code” Option

The user has an email address | Security questions were activated | Result
Yes | Yes | The user will have to answer the security questions correctly and an access code will be emailed.
Yes | No | The user will receive an access code by email.
No | Yes | The user will have to answer the security questions correctly to be able to access the application.
No | No | The user will be asked to contact the technical support.

Details regarding the “Use this method for the Forgot Username feature” setting

Career Section users who forget their user name can now receive it in an e-mail.

If Career Section users forget their user name, they use the “Forgot your user name?” link and then enter their e-mail address in the corresponding field.

Afterwards, they receive an e-mail containing their user name. They then use this information (and their password) to log into the career section.

In prior releases, the user name was displayed on-screen; there was no option to send it in an e-mail.

A new setting (configured for internal and/or external career sections separately) is available: Use this method for the Forgot Username feature. Administrators can choose between:

  • Email: The user name is sent by e-mail.

  • On Screen: The user name is displayed in clear text.

The default value of the setting Use this method for the Forgot Username feature is On Screen.

There is a separate message template called “Find username” associated with this feature. That message template should not be confused with the “Forgot username” message template.

Customers who plan to enable user name recovery through e-mail are advised to add the E-mail field to their Registration page. This measure ensures that the system has an e-mail on record for every candidate and will therefore send the “Find username” message even to users who don’t complete the first page of an application flow.

It is recommended that customers set the value of the Propagate Username in Login Pages setting to No (Configuration > Career Section Settings). This is because candidates can also use the Forgot your password feature to retrieve their user name. If they were to lend their device to someone else, the feature could be used for user name harvesting.

Details regarding the "Mask the security answer values" setting

If the setting value is set to Yes, answers to security questions are masked (concealed) while they are being typed and submitted. This provides candidates and employees with better security by preventing people who might be looking at the computer screen or tablet from seeing the answers to security questions. Visitors must enter the answer (also masked) in a second field to confirm their answer.

First-time Sign-in and Security Question Answers

If candidates or employees sign into a career section for the first time to create their candidate profile and they are required to provide answers for security questions, asterisks are displayed in place of the answers they type. For each security question, visitors must also enter their answer (also masked) in a second field to confirm the answer they provided in the first field.

"Forgot your password?" and Masking Security Answer Questions

If candidates or employees forget their password and are required to provide answers for security questions, visitors must enter their answer to each question in two fields, the second field serving as confirmation of the answer they entered in the first field. You can configure security question answers such that they are masked while being typed and submitted.

If the setting value is set to No, the characters will be displayed as the candidates or employees type them.

The "Mask the security answer values" setting is only displayed for internal and/or external career section configuration if the value of the corresponding "Use this method to change passwords" setting is set to include security questions. For example, if you select Access Code as the method to change passwords for internal career sections, the "Mask the security answer values" setting is not displayed (hence cannot be configured) for internal career sections.
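The following is an added example, not part of the product documentation: a Python sketch that audits a hand-transcribed policy for one Career Section type against the recommendations on this page and works out which checks a user must pass under each method. The dictionary keys, function names and sample values are assumptions made for illustration; the page does not describe any export format.

```python
# Added example; dict keys are hypothetical labels, not a product export format.
RECOMMENDED = "Security Questions and Access Code"
FIXED = {  # methods whose steps do not depend on the user's state on this page
    "Access Code": ["access code"],
    "Security Questions": ["security questions"],
    RECOMMENDED: ["security questions", "access code"],
    "Contact System Administrator": ["system administrator"],
}


def reset_steps(method, has_email, questions_activated):
    """Checks a user passes before changing a password, per the two tables."""
    if method in FIXED:
        return list(FIXED[method])
    code = ["access code"] if has_email else []
    if method == "Security Questions or Access Code":
        return ["security questions"] + code
    if method == "Security Questions and/or Access Code":
        questions = ["security questions"] if questions_activated else []
        return (questions + code) or ["technical support"]
    raise ValueError(f"unknown method: {method}")


def audit(policy):
    """Return a list of findings for one Career Section type's policy dict."""
    method, findings = policy["change_password_method"], []
    if method != RECOMMENDED:
        findings.append(f"method is '{method}', not the recommended '{RECOMMENDED}'")
    states = [(e, q) for e in (True, False) for q in (True, False)]
    weakest = min((reset_steps(method, e, q) for e, q in states), key=len)
    if len(weakest) == 1 and weakest[0] not in ("system administrator", "technical support"):
        findings.append(f"some users can reset with only: {weakest[0]}")
    if "Security Questions" in method:  # mask setting only exists for these methods
        if not 1 <= policy["required_questions"] <= 3:
            findings.append("required security questions must be from 1 to 3")
        if policy["min_answer_length"] <= 0:
            findings.append("minimum answer length must be greater than 0")
        if not policy["mask_security_answers"]:
            findings.append("security answers are displayed while typed")
    if policy["forgot_username_method"] == "On Screen":
        findings.append("user name is displayed on screen in clear text")
    if policy["propagate_username_in_login_pages"] != "No":
        findings.append("Propagate Username in Login Pages should be No")
    return findings


SAMPLE = {"change_password_method": "Security Questions and/or Access Code",  # constructed
          "required_questions": 1, "min_answer_length": 3, "mask_security_answers": False,
          "forgot_username_method": "On Screen", "propagate_username_in_login_pages": "Yes"}
```

Run `audit(SAMPLE)` once per Career Section type (internal, external, agency portal), since the options are set separately for each type.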