Password Policy Rules

Introduction

This article will walk you through the process of entering and updating agency password rules. The Password Policy Rules feature in the Setup module's Business Rules component enables management to set agency-wide password rules for logins within the system.

Please Note: By default, passwords must be between 12 and 64 characters long and contain both letters and numbers. They are case sensitive and may contain special characters; however, they may not contain the user's login ID or the agency name (in a multi-agency database).

Prerequisites

• If you are not in the Executive Officer or System Administrator user group you must have one of the following permissions:
  • Display Executive Administration Buttons
  • Permissions Data Entry
  • Permissions Data Entry for All Staff and Layers
• Program Chart Access (required to configure program-level business rules such as e-signature and note/contact editing rules)
• Business Rules Data Entry (required to open or configure agency-level business rules such as the application timeout value and two-factor authentication)
• If you are working in a divisional database, you must be configured as Continuum Staff in the Human Resources module Staff Information feature (using the Payroll Group "Agency" selection list) in order to access and configure global business rules

Overview

Above screenshot shows the location of items 1-9 covered below. View full-size image.

1. Require password change on first login: Indicate whether a user should be prompted to update their password after their first successful login. This does not apply to existing users that log in for the first time after password policy rules are set.

2. Require password change following admin password reset: Indicate whether a user should be prompted to update their password after it has been reset by a system admin or supervisor.

3. Require both upper and lower case letters: Indicate whether passwords should be required to contain both upper and lower case letters. If this option is changed from "Do Not" to "Do," users with existing passwords will not be prompted to update passwords to meet the requirement until their passwords expire or are reset.
4. Require special character: Indicate whether passwords should be required to contain a special character. Allowed special characters include ! @ # $ % ^ & * ( ) _ + = | < > ? : ;
5. User must change password at least every ___ days: Enter the number of days after which a user's password should expire. Once the set timeframe is reached, users will be prompted to change their password upon logging in and before accessing other AWARDS screens. A value of 0 (indicating that passwords will not expire) is not allowed.
6. Warn user for ___ days before password expires: Enter the number of days before a user's password expires to display a warning message upon login. The warning states, "Your password will expire in __ days. Change your password soon."
7. User may change password at most ___ times per day: Enter the maximum number of times per day a user can be allowed to update their password. A value of 0 (which would allow unlimited password changes each day) is not allowed. Administrative password resets (those completed by an AWARDS administrator or supervisor) are not counted toward the daily password change limit.

8. New password must be different than previous ___ passwords: Indicate how many of the previous user's passwords should be unique. A value of 0 (which would allow for immediate reuse of the previous password) is not allowed.

9. Lockout user after ___ failed attempts for ___ minutes: Indicate the number of failed attempts before a user is locked out and/or the number of minutes they are locked out. Administrative password resets (those completed by an AWARDS administrator or supervisor) reset the lockout clock.

Instructions

Review the below instructions on how to enter/update password policy rules by selecting the "Get Started" button below.