Use the Password Properties dialog to manage password-related policies and customizations.
This dialog presents the following options which control the rules that CommonSpot enforces when a user's password is changed. This also controls how this password is stored in the CommonSpot database, and where any customizations are located. Note that this does not apply for sites where SAML (or some other custom) authentication has been configured.
Password Rules
Minimum Length: The minimum number of characters in a valid password
Don't allow password to contain user name: If checked, a new password will be rejected if it contains the user name for the account.
Require at least one lower-case character: If checked, a new password will be rejected if it does not contain at least one lower-case letter.
Require at least one upper-case character: If checked, a new password will be rejected if it does not contain at least one upper-case letter.
Require at least one digit: If checked, a new password will be rejected if it does not contain at least one digit (0-9)
Require at least one non-alphanumeric character: If checked, a new password must contain at least one 'special' character such as '$', '%', '@' or any other printable character which is not a letter or a digit
Password Encryption
Encrypt stored passwords: If checked, passwords will be encrypted before being saved to the database, and authentication attempts will encrypt the submitted password before comparing with the stored value. If unchecked, passwords are stored in plain text in the CommonSpot database.
Custom Password Rules & Encryption Component
Component Path: Enter the path to the ColdFusion component which contains customizations for one or more password and user validation methods. This path should be
A sample implementation is provided in the 'samples/security' directory in the CommonSpot installation (password.cfc). See the developer's guide for more details about the various methods in this component.
Default Password Expiration Days: The default number of days before which the user is required to change their password. Specify 0 for no expiration. This setting can be overridden for individual users in the User Profile dialog.
Reset Password Expiration: Click this button to reset password expiration for all users who do not have '0' specified for the password expiration period in their profile settings.
Expire All Passwords: Click this button to force all users to change their passwords at their next login.
Exclude users with non-expiring passwords:If this is checked, the 'Expire All Passwords' action will not apply to users with the password expiration period set to zero.
Users can change an expired password
The available options are:
any time after the password expires: A user with an expired password can log in and update their password at any time, regardless of when the last login took place.
within X days after the password expires If a user has not logged in within the specified number of days, their account is locked and cannot be used without being explicitly reset by an administrator.
Related Links
You can download PDF versions of the Content Contributor's, Administrator's, and Elements Reference documents from the support section of paperthin.com (requires login).
For technical support:
