To take advantage of the ability to set certain restrictions on system user passwords, open "Security/Authorization" menu:
The settings can be divided into two parts:
1. Expiration date. It is checked only during authorization in the system using the form on the main page;
2. Validator of the password's complexity. It's checked:
- while the registration:
- in the form of editing:
- in the user's profile:
- in login form;
- when resetting password.
Automatic generation of passwords by default includes:
- special characters;
- minimum length - 12 characters;
If the settings are disabled, the password is generated according to the current system policy.
A form for forced change of password has been added. This form works only in case of authorization through the login form on the site.
When a user logs in via the form on the main page and the created password policy is violated, the system automatically proceeds to the form with the requirement to change the password. For example, after the password requirements are set, if you enable the "Check password policies at login" checkbox, the user won't be able to log in until he changes his password.
If you change a user's password and they are logged in in the system at the same time, they will be automatically logged out within 10 minutes, including when the "Remember me" setting is enabled. Pay attention to this, if you need to change the password for an agent during working hours.
An exception is made only if a system user changes their password on their own in a contact's profile or card.
The "Check password policies at login" setting is disabled by default. When enabled, each user's password is checked against the policy settings when logging on to the system. Without enabling the setting, you can keep old user passwords unchanged, but for new ones, including when editing, the set rules will be checked.