Strong Passwords

Organizations have the ability to set create strong password settings for users, staff, and clients. These settings are optional.

---

Navigation Menu

Release 3: Header Bar > Settings > Organization Profile

Release 2: Admin Menu > Settings > Organization Profile

Applies To:    Enterprise    Plus    Basic

---

Strong Passwords

Passwords have the following formatting requirements unless the strong passwords feature is enabled.

• Must be 8 to 15 characters in length.
• Special characters allowed but no spaces, quotes, or apostrophes.

If Strong Passwords are enabled, the following settings are available.

• Enable Admin (users), QuickTools (staff), or Client: Each is a separate enable option.  However, if enabled, the format settings are the same for all those enabled except Change Frequency and Repeat Frequency.
  
• Minimum Length: From 8 to 12 characters
• Maximum Length: From 8 to 15 characters.
• Require Upper Case: At least one upper case character is required.
• Require Lower Case: At least one lower case character is required.
• Require Number: At least one number character is required.
• Require Special Character: At least one special character is required but no spaces, quotes, or apostrophes.
• Change Frequency: The number of months the current password can be used before it expires.  Optional.  For Admin users only.  From 0 to 12 months.  A value of zero disables the feature. The system user would be required to change their password before the end of the expiration date.  If the user does not change the password before the expiration date, they are locked out of the system until the password is changed.
  
• Repeat Frequency: The number of times a password can be used before it can never be re-used again.  Optional.  For Admin users only. From 0 to 5 repeats.  A value of zero disables the feature. A value of 1 allows a password to only be used one time and can never be used again.
  

Strong Password Notes:

• Passwords are case-sensitive.
• Add User Name function: This function does not format passwords using the strong passwords settings.  However, at the time a client password is reset manually, the strong password settings would immediately be in effect and are required.
• In all locations where Forgot Password and Change Password options exist, strong password settings are recognized and required.
  
• The strong password settings are the same for all branches.
• Change Frequency: Be sure you desire to use this feature before setting the Change Frequency to a value greater than zero.  Once set to a value of 1 or greater, an expiration date is automatically set for all system user passwords to expire when you save the Organizational Profile.  There is no undo option once this expiration date has been set.  Make sure you desire to use this feature and know exactly how many months you desire to require passwords to change before saving the Organizational Profile.
  
  • The setting is for the number of months.  For example, if set to 1, the user will need to change their password once per month.
    
  • While logged in, if a user's password is within 14 days of expiration, a message will display in the XenDirect header with the number of days left before expiration.  The user can click the [Password] function to see when the password is set to expire and to change the password.
  • If a user attempts to log into XenDirect and their password has expired, they will be prompted to use the [Forgot Password] function on the login page to reset their password.  If there is no email associated with their user account or cannot manage to change their password, the user must contact a system administrator to reset their password.

---