Skip to end of metadata
Go to start of metadata

To set password policies such as automatic expiry, length, character requirements etc, select Administration > Configuration.

Go to the Password policy section of the screen.


Password authentication in Phocas

Phocas authentication

This is the default, with users and passwords stored in the Phocas system. If your site uses Phocas authentication you can set a site-wide password policy.

LDAP/Active Directory

LDAP (Lightweight Directory Access Protocol) authentication can be configured during installation. User passwords take on AD protocols and administrators will not see any Password policy options.

Password policy options

  • Automatic expiry (the number of days for which a user’s password will remain valid before it expires, forcing the use to reset their password when they next attempt to log on). An administrator can also reset passwords.
  • Minimum length of a password.
  • Failed login attempts. If this is left blank or set to 0, there will be no limit of the number of times a user can attempt to login. See how to unlock a user's account. Note. LDAP accounts are not subject to lockout.
  • Minimum number of upper case letters 
  • Minimum number of numeric characters.
  • Minimum number of special characters.
  • Whether users are prevented from changing their own password.
  • Whether 'Remember me' is disabled on the sign-in screen.

More about user passwords

Other tools and settings are available to help administrators manage user passwords. These are covered on the Manage user passwords page.