Setting Password Policy Rules








The Password Policy Rules feature in the AWARDS System Setup module's Business Rules component enables management to set agency-wide password rules for logins within their database.  These rules include password expiration settings, requirements for password changes after a password reset, password composition requirements, and lockout rules. 

To enter or update agency password rules, complete the following steps from the AWARDS Home screen:

    1. Click Administration from the left-hand menu, and then click System Setup.  The System Setup fly-out menu is displayed.
    2. Click Business Rules.  The Business Rules Menu page is displayed.

    3. Under "Global Settings for All Programs" click Password Policy Rules.  The Password Policy Rules page is displayed.

    4. Configure the fields and options on this page as needed:

  Require password change on first login - Click this drop-down and select "Do Not" or "Do" to indicate whether a user should be prompted to update his or her password after they successfully log in for the first time (the first time the password is ever used).  The default selection is "Do."

  NOTE: This does not apply to existing users that log in for the first time after password policy rules are set.

  Require password change following admin password reset - Click this drop-down and select "Do Not" or "Do" to indicate whether a user should be prompted to update his or her password after it has been reset by a system admin or supervisor.  The default selection is "Do."

  Require both upper and lower case letters - Click this drop-down and select "Do Not" or "Do" to indicate whether passwords in the database should be required to contain both upper and lower case letters.  The default is "Do."

  NOTE: When this option is changed from "Do Not" to "Do," existing passwords are grandfathered in and users will not be prompted to update passwords to meet this requirement until they expire or are reset via other methods.

By default, AWARDS passwords must be between 12 and 64 characters long and contain both letters and numbers. They are case sensitive and may contain special characters. However, they may not contain the user's login ID or the agency name (in a multi-agency database).

Special characters include: ! @ # $ % ^ & * ( ) _ + = | < > ? : ;

  Require special character - Click this drop-down and select "Do Not" or "Do" to indicate whether passwords in the database should be required to contain a special character.  The default is "Do."  Allowed special characters include ! @ # $ % ^ & * ( ) _ + = | < > ? : ;

  User must change password at least every __ days - In this field, enter the number of days after which a user's password should expire.  Users will be prompted to change their password upon logging in once the set timeframe is reached, before accessing other AWARDS screens.  The default value is 180.  A value of 0 (indicating that passwords will not expire) is not allowed.

  Warn user for __ days before password expires - If a value is set in the option above, in this field enter the number of days before a user's password expires during which the user should receive a warning that the password is about to expire.  The warning appears after a user logs in and states, "Your password will expire in __ days.  Change your password soon."  The default value is 5.

  User may change password at most __ times per day - In this field, enter the maximum number of times per day a user should be allowed to update his or her password.  The default value is 3.  A value of 0 (which would allow unlimited password changes each day) is not allowed.

  TIP: Administrative password resets (those completed by an AWARDS administrator or supervisor) are not counted toward the daily password change total.

  New password must be different than previous __ passwords - If a user's new password should not be the same as a previously used password, click this drop-down and select 1, 2, 3, or 4 to indicate how many previous passwords the new password must differ from.  The default value is 3.  A value of 0 (which would allow for immediate reuse of the previous password) is not allowed.

  Lockout user after __ failed attempts for __ minutes - By default, AWARDS locks out a user after 10 failed attempts for 10 minutes.  Use these fields to adjust the number of failed attempts before a user is locked out and/or the number of minutes the user is locked out.

  TIP: Administrative password resets (those completed by an AWARDS administrator or supervisor) reset the lockout clock.

    5. Click UPDATE.  The Password Policy Rules confirmation page is displayed.

The process of entering password rules is now complete.
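
The composition rules described above can be pre-checked before a password is issued, for example in a provisioning script. The following Python code is an added example, not AWARDS code: the names `Policy` and `violations` are hypothetical, the sample inputs are constructed, and the case-insensitive matching of the login ID and agency name is an assumption the page does not state.

```python
from dataclasses import dataclass

# Special characters as listed on this page.
SPECIALS = set("!@#$%^&*()_+=|<>?:;")


@dataclass(frozen=True)
class Policy:
    # Defaults mirror the page: both requirements default to "Do",
    # and passwords must be between 12 and 64 characters long.
    require_mixed_case: bool = True
    require_special: bool = True
    min_len: int = 12
    max_len: int = 64


def violations(password, login_id, agency_name="", policy=Policy()):
    """Return the documented composition rules a candidate password breaks."""
    problems = []
    if not policy.min_len <= len(password) <= policy.max_len:
        problems.append("length")
    if not any(c.isalpha() for c in password):
        problems.append("letter")
    if not any(c.isdigit() for c in password):
        problems.append("number")
    if policy.require_mixed_case and not (
        any(c.islower() for c in password) and any(c.isupper() for c in password)
    ):
        problems.append("mixed case")
    if policy.require_special and not any(c in SPECIALS for c in password):
        problems.append("special character")
    # Assumption: containment checks ignore case; the page does not say.
    lowered = password.lower()
    if login_id and login_id.lower() in lowered:
        problems.append("contains login ID")
    if agency_name and agency_name.lower() in lowered:
        problems.append("contains agency name")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["Harbor7!Lantern", "jsmith2024abc", "Short1!a"]:
        result = violations(candidate, "jsmith", "Example Agency")
        print(candidate, "->", result or "ok")
```

An empty list means the candidate satisfies every composition rule under the given settings; history, expiration and lockout rules depend on server-side state and are not modeled here.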

  https://demodb.footholdtechnology.com/help/?11794