Member Security
Passwords
Strong passwords are required for both Admins and Constituents. Admin and Member passwords have the same strength requirements and will no longer be configurable in Security Settings.
Passwords must be at least 8 characters, and require one of each of the following:
Uppercase letter(s)
Lowercase letter(s)
Number(s)
Symbol(s)
Current Password is Required to Change Password
Constituents will always have to enter their old password to change their password, UNLESS they are resetting their password (via the reset password link on the login page)
Admins will NOT have to enter the old password when they are changing the password for another user.
Admins will need to enter their old password when updating their own password (unless via reset).
Navigating to Member Security
1. Select the Key
2. Click the Member Security tab.
3. Make changes as needed. Click Save to save your changes.
Password Expiration Time
Password Expiration Time sets the time frame that a member’s password is valid. When the time expires, the member must change their password. The options are:
Never (Default)
Every Month
Every 2 Months
Every 3 Months
Every 3 months
Every Year
Invalid Login Attempts
Invalid Login Attempts sets how many times a member can log in unsuccessfully before their account is locked. The options are:
Never lock a Member out because of Invalid Attempts (Default)
3 Invalid Attempts
5 Invalid Attempts
10 Invalid Attempts
20 Invalid Attempts
50 Invalid Attempts
NOTE: An email will be sent to administrators when an account has been locked due to the number of invalid login attempts being reached.
Unique Password Interval
The Unique Password Interval feature enhances site security by forcing users to choose a unique password over a specific time span. The options are:
At Least 1
At Least 3 (Default)
At Least 5
At Least 10
At Least 20
For example, if At Least 3 is selected, that means that a user must choose three unique passwords before repeating a password that they previously used.