The Password Rules page allows you to specify how user passwords are set up for security purposes, including how often users are asked to change their password and rules for formatting a password.
To edit the rules, go to School > Users and Security and select Users > Password Rules from the left-hand menu. Here you will see the options to set password rules for Students, Teachers and Other (guardian) user profiles.
Editing the rules
To edit the rules, click the Edit Rules button. A slide over will appear where you can enter the rules you wish to apply.
- Requires number/ Requires letter/Requires mixed case - These settings determine what a user's password must include. When choosing a password, it needs to fulfil this criterion. Number and letter are required for staff profiles, but not for student or guardian profiles.
- Min length - This compulsory field indicates the minimum number of characters a password needs to be.
- Days valid - Users will be prompted to change their password after the number of days specified has passed. It is not possible to have passwords that do not expire.
Once you set the rules, click Save Changes.
How long does a password need to be?
You can set a requirement for password lengths, with these values:
- Minimum: 7 characters
- Maximum: 16 characters
How many days can a password be valid for?
You can set a requirement for the length of time a user can use their password before they need to set a new one:
- Minimum: 1 day
- Maximum: 730 days or 2 years
Can we force a password reset?
Each day, we check whether the age of a user's password is more than or equal to how old passwords can be. If greater, the user will need to reset their password.
This means that you can set the Days valid to 1 to force a password reset for everyone tomorrow.
- You can't force a reset today, as you can't set the days to zero.
- Once the reset has been completed, you'll need to change the Days valid back to your default, to prevent passwords needing to be changed each day.