User passwords are controlled in the Passwords settings within User Defaults. There are a number of functions associated with these settings.
Note
You will need access to User Defaults, to edit your default settings. These can be accessed by those who have the correct permissions
This article includes:
- Unlocking a user
- Changing the number of attempts before being locked out
- Set passwords to expire after a number of days
- Enforcing a complex password
- Users changing their own password
Unlocking a user
If the user has had their password locked, they will have been made inactive. In this case, you will need to untick Hide inactive users to see their name, before you can change their password.
- Click Defaults on the main toolbar
- Click User Defaults from the dropdown menu
- Click Passwords
- Untick Hide inactive users to show all users
- Double click on the users name for whom you want to unlock or reset their password
- Click Change Password
- Create a password to give to the user within Enter New password
- Type in the new password again within Confirm New Password
- The password you created is a temporary password. The next time the user logs in with the password you created, the user will be asked to change their password immediately
Changing the number of attempts before being locked out
Passwords will be locked after they have been entered incorrectly after a set amount of times. This cannot be turned off, but you can change the number of attempts that are allowed, from between 3 and 10.
- Click Defaults on the main toolbar
- Click User Defaults from the dropdown menu
- Click Passwords
- In the Lock passwords after field, use the up and down arrows to increase and decrease the number of attempts before your users become locked out, should they incorrectly enter their password more than the number of times selected
Once a password is locked, the user is marked as inactive.
Set passwords to expire after a number of days
To improve password security, you can set all users or a number of users, for their passwords to expire after a set amount of days.
A message appears at the time of log in when they have 7 days or less before their password is due to expire. After the set time has passed, the user is prompted to change their password.
- Click Defaults on the main toolbar
- Click User Defaults from the dropdown menu
- Click Passwords
- Tick Expire passwords after to activate the function
- Use the up and down arrows to increase and decrease the number of days before your users passwords expire
- Alternatively, you can select a number of users in the Select column, then click Expire Selected Users Passwords. Any users who aren't selected won't be requested to change their password
- You can also double click on an individual user and click Expire Password
Enforcing a complex password
If you wish, you can enforce a more complicated password for all users. These complex passwords have to be between 8 and 16 characters with upper and lower case letters, contain at least 1 number, and 1 special character.
- Click Defaults on the main toolbar
- Click User Defaults from the dropdown menu
- Click Passwords
- Tick Enforce complex passwords to activate the function
On ticking this box, you'll be asked if you wish to force all users to update their passwords the next time they login. If you:
- Click No, they will only need to change to a complex password if you have set passwords to expire
- Click Yes, the next time each user logs in, they will be prompted to change their password
If their new password doesn't meet the complex password criteria, they'll be advised in a pop up message.
Users changing their own password
If you want to change your password to log in, without being prompted in the above scenarios, you can do this in Defaults.
- Click Defaults on the main toolbar
- Click Change Password from the dropdown menu
- Enter your old password
- Enter your new password
- Click OK
- A message appears if you are required to enter a complex password