Password Settings

To help you protect your security, the system features a variety of password protection settings. As an administrator, you can choose from a variety of security options such as expiration timelines, complexity requirements, re-use limits, and lockout settings. Users are also given visual feedback to indicate the strength of their passwords.

These features are managed through controls in the Admin tab. Administrators can establish the basic "ground rules" through the settings, and are not authorized to directly change users' passwords themselves. Instead, a password reset system is in place in conjunction with the password security features.

How To

How To Setup Password Settings

Password Settings Page

Here, administrators can edit various settings regarding the security level of passwords.

The Password Security Settings page contains the following fields:

  • User Password is Good For
  • New Password History
  • Password Length
  • Password Complexity
  • Maximum Failed Attempts
  • Lockout Period Length

All fields are required. They each have a drop down selector next to them. The functions of each field and the various drop-down options are described below.

The Save button updates all changes to the settings, and returns the user to the Admin tab. Cancel does not save any changes, and returns the user to the Admin tab.

User Password is Good For

This determines how long a password remains useable before the system forces the user to update upon login.

Drop down options and their functions:

  • Never Expires - The password remains useable indefinitely and the system never forces the user to create a new one.
  • Monthly - The user is prompted to create a new password every month
  • Quarterly - The user is prompted to create a new password every three months
  • Yearly - The user is prompted to create a new password every year

New Password History

The user is not allowed to create a "new" password that is exactly like the last one. The New Password History option determines how many passwords the system remembers. Any previous passwords contained in this memory are rejected if they are submitted as new passwords.

Drop down Options:

  • 1 Password Remembered
  • 2 Passwords Remembered
  • 3 Passwords Remembered
  • 4 Passwords Remembered
  • 5 Passwords Remembered

Password Length

This setting determines the minimum character length for passwords.

Drop down Options:

  • 6 Characters
  • 8 Characters
  • 10 Characters
  • 12 Characters
  • 14 Characters

Password Complexity

This setting determines what types of characters must be included in a password.

Drop down Options:

  • None - The password does not need to include any particular type of characters (the character length value still applies. This does not mean no password is required).
  • Alphanumeric - The password must contain both numbers and letters.
  • Alphanumeric With Special Characters - The password must contain numbers, letters, and special characters. Available special characters:
    ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Maximum Failed Attempts

This option determines how many times a user must get the password wrong before the system locks them out from making any more attempts.

Drop down Options:

  • No Limit - The system never locks users out for getting the password wrong.
  • 3 - The system locks out any user who enters the password incorrectly 3 times in a row.
  • 10 - The system locks out any user who enters the password incorrectly 10 times in a row.
  • 15 - The system locks out any user who enters the password incorrectly 15 times in a row.

Lockout Period Length

This determines the duration of the lockout period when a user meets the Maximum Failed Attempts defined above.

Drop down options:

  • 15 Minutes - The user can not attempt login for 15 minutes.
  • 30 Minutes - The user can not attempt login for 30 minutes.
  • 60 Minutes - The user can not attempt login for 60 minutes.
  • Indefinite (Must be reset by Admin) - The user is barred from attempting to log in forever or until the Admin lifts the ban.

Resetting a Locked Out User

To allow a user to log back in after being locked out, an administrator will need to use the password reset function as outlined in the section of this document entitled "Admin Resetting a User's Password." These actions will work regardless of the Lockout Period Length setting.

Save and Cancel

Click Save to save your work and return to the Admin tab. Click Cancel to leave the page and discard any unsaved work.


Password Strength Meter

Password Strength Meter

Notice the strength meter that evaluates password strength as it is entered on the various password creation pages.

As a password is typed, the strength meter displays one of six designations depending on the complexity of the password. The system bases its rating based on the amount of various types of characters used in the password:

  • Capital letters (Remember: passwords are case-sensitive.)
  • Lowercase letters
  • Numbers
  • Special characters
  • Total characters

Here are the password ratings in order from weakest to strongest:

  • Invalid - Password does not meet the set requirements.
  • Very Weak
  • Weak
  • Moderate
  • Strong
  • Very Strong

Password Requirements Checklist

Password entry pages also feature a Password Requirements Checklist. This list displays the password requirements and checks them off as a new password is entered.

These requirements can be set by administrators. See the next section of this document for details.

Security Settings Update Notice

Security Settings Update Notice

Whenever an administrator changes the password settings, users with passwords that no longer meet the requirements will get the following screen immediately after login:

This screen notifies users of the change, alerts them to the new requirements, and prompts them to create a new one.

While they enter their password, the checkbox checks off each requirement as it is met, and the password strength indicator rates the overall password complexity.

Password Reset Page

Password Reset Page

If you forget your password, you can click the Forgot your password link on the login page, enter your email, and click Send. If the email you entered is valid, you will receive a message with a link to page shown below. Alternatively, admins can send out this email using the process outlined in the section of this document entitled "Admin Resetting a User's Password."

If the requirements are met and the Password and Confirm fields match, the Save button confirms the submission and changes the password. The user will then be allowed to log in with their new password.

Admin Resetting a User's Password

The Reset Password button is visible when the user views employee profiles other than his or her own. Pressing this button will bring up the following popup window to confirm the reset of the user password.

If you click Cancel, nothing happens. If you click OK, the system will email the affected user a link which they can use to reset their password.

If you want to temporarily lock down a user's account, you'll need to "delete" the user (render them inactive).

User Resetting Their Own Password

When users view their own profile, the Password Reset button reads Edit Password.

The password entry field will display as shown, including the new password strength display tools.

Creating a New User

When you or another admin creates a new user, you'll typically input a username, and much of the user's profile info. When you save the profile, you will be given the option to set the user's initial password. When you do so, you'll be given the window to create the password.

New passwords must meet all of the requirements outlined in order to be accepted by the system. As a password is entered, the Password Requirements box will check off each requirement as it is fulfilled. These requirements are set on thePassword Security Settings Page, which is explained in the next section of this document.

A password strength indicator also rates the overall complexity of the password.

Best Practices


Release Notes

Find our most recent release notes.


Our community forum is coming soon.

Advanced Training Guides

Advanced training for the Lead Management Platform.

Have questions?

We're happy to help. An expert is just a phone call away.

(866) 593-2807

Mon-Fri 6-7 MST

Back To Top

© 2004–2014, Inc. all rights reserved. Use of the service and this Web site constitutes acceptance of our Terms of Use and Privacy Policy. technology is protected by the following United States Patents: 8078605, 8325738, 8352389, 8510382, 8566419.