Admin Users
Admin / Administration / Users
Passwords
Requirements
Passwords require:
- At least 8 characters
- At least one number
- At least one upper case character
- At least one lower case character
- At least one special characters from the following:
@#$%^&+*!=
- Not be part of a known data breach as provided by Have I Been Pwned
Password Resets
Forgotten Password
A user can reset their own password by requesting a forgotten password email from the login screen. This will require them to enter a new password meeting the criteria detailed here.
Force Reset
A user with sufficient permissions to access to the Admin User module can also force a user to reset their password by ticking the Force Password Reset
checkbox. This will require the user to know their current password and enter a new password meeting the criteria detailed here.
Reset By Admin
Alternatively, if the user does not rememeber their current password and is having trouble with the Forgotten Password process, it can be reset on their behalf via the Admin User module by a user with sufficient permissions. The new password entered here also needs to meet the criteria detailed here. When the user logs in with their new password, they will be asked to update it with a new password meeting the criteria detailed here.
Reset By Breach
We periodically check passwords against known data breaches using the Have I Been Pwned service. If your password is part of a known breach, the account will be forced through the Account Lockouts process.
Account Lockouts
If a user fails to log in 5 or more times without a successful login, or the users password is found to be part of a data breach, their account will be blocked. They will not be able to reattempt logging in for 5 minutes. Each failed attempt when the account is blocked will result in another 5 minute timeout.
Unlock By Forgotten Password
A blocked user can attempt to lift the block themselves by requesting going through the Forgotten Password process.
Unlocked By Admin
An account block can be added or removed by a user with sufficient permissions to access the Admin User module by unchecking the Account Locked
checkbox.