Technical documentation - Force change of password and account blocking at failed login

Owned by Mattias Löfstrand
Last updated: 31 May 2022
1 min read

It is possible to configure forced password change at a regular interval.

This function is available in version 4.4 and later

Overview

For configurations which use the built in server database and AssertDBAuthentication, users will be forced to change password at a regular interval.

<!-- Adding this setting will turn on the function --> <PasswordExpireSettings> <!-- Password expires after 90 days --> <PasswordExpireDays>90</PasswordExpireDays> <!-- User will get a warning to change password at sign in 20 days before it expires --> <PasswordNotificationStartDays>20</PasswordNotificationStartDays> <!-- If true, the user will be able to request a new password when password has expired. If false, user will have to call admin to get a new password. Default is true. --> <ResetExpiredPasswordEnabled>true</ResetExpiredPasswordEnabled> <!-- In version 5.2 user account can be locked after several failed logins. Default is not to lock. --> <LockAccountOnNumberOfFailureAttempt>5</LockAccountOnNumberOfFailureAttempt> </PasswordExpireSettings>

 

Before version 5.1.11 force change of password is default disabled. Version 5.1.11 and later default values are as below.

PasswordExpireDays = 90 PasswordNotificationStartDays = 5 ResetExpiredPasswordEnabled = true