Password Profiles determine the properties and requirements of the passwords that are used to log into the application. For example, the Password Profile determines the number of characters allowed in a password and how many times a user is allowed to enter the wrong password when logging in to the application. The Password Profile also defines the Default Password that displays when you use the Reset Password button on the Employee form.
The Password Profile settings also apply to the login needed to view an Ad Hoc Report using the REST URL.
A Password Profile can be assigned to a single Person via the Employee Setting form, to an Employee Group with type POLICY_GROUP or FACILITY via the Employee Group Setting form, or to all users via the System Settings form. A Person setting overrides an Employee Group setting, which overrides a System Setting. See Settings Precedence for more details.
For instructions on how the employee should log in for the very first time, see First Time User Login.
See Also:
Password Profile Field Descriptions
Password Prof Name
Name of the Password Profile record. The DEFAULT_PASSWORD_PROFILE is assigned as a System Setting, which applies to all users. It requires the password to be 6-10 characters long, include one alpha character, one numeric character, and one special character.
The Default Password can be used as a temporary password after a reset. The Default Password will display as the Temp Password when you use the Reset Password button on the Employee form to reset a person’s password.
After a person’s password is reset, the person must create a new password in the Change Password option in the Login screen. The Temp Password will be entered in the Old Password field. See Create a New Password After Reset or Expiration.
The Default Password does not have to meet the requirements of the person’s Password Profile. However, you cannot use any of the following characters in the Default Password:
# % \ ' ? = + &
The Default Password may also be assigned to a person when a new record is created on the Employee form (provided the Password Profile is assigned as a System Setting). The person will have to change this temporary password using the Change Password option in the Login screen. See First Time User Login for more information.
Change Pwd Duration
Length of time that a person has to change his or her password after it expires or has been reset. This duration is based on the Change Pwd Unit. For example, if Change Pwd Unit is set to Minutes and Change Pwd Duration is set to 5, the person has 5 minutes to change his or her password after it expires or is reset.
When this duration passes, if the person tries to change his or her password from the Login screen, an error message will display (Change Password Failed). The person’s supervisor will need to reset the person’s password again in order for the person to change it.
If Change Pwd Unit is set to None, then the person will have an unlimited amount of time to change his or her password after it expires or has been reset.
Change Pwd Unit
Unit of measure for the Change Pwd Duration (see above).
If Change Pwd Unit is set to None, then the person will have an unlimited amount of time to change his or her password after it expires or has been reset.
If Change Pwd Unit is set to Seconds, Minutes, Hours, or Days, the Change Pwd Duration determines the number of seconds, minutes, hours, or days the person has to change his or her expired or reset password.
Never Expires
Check this box if you never want the password to expire. The Expiration Days and Expiration Warn Days fields will be set to zero (0) and disabled.
If you do not check this box, the Expiration Days and Expiration Warn Days will be set to 1 by default; you can change these values as necessary.
Expiration Days
Number of days before the password expires.
If Never Expires is checked, the Expiration Days will be set to zero (0) and disabled.
If Never Expires is not checked, you must set the Expiration Days to a value of 1 or greater.
Expiration Warn Days
Number of days prior to the expiration day that the user will receive a warning message saying that the password will expire.
If Never Expires is checked, the Expiration Warn Days will be set to zero (0) and disabled.
If Never Expires is not checked, you must set the Expiration Warn Days to a value of 1 or greater.
Min Pwd Characters
Minimum number of characters that must be in the password. You must enter a value of 1 or greater (up to 40) in this field. The Min Pwd Characters cannot exceed the Max Pwd Characters.
Max Pwd Characters
Maximum number of characters allowed in the password. You must enter a value of 1 or greater (up to 40) in this field.
Min Alpha Characters
Minimum number of alphabetical characters that must be in the password. You must enter a value of 0 or greater (up to 40) in this field.
Min Numeric Characters
Minimum number of numeric characters that must be in the password. You must enter a value of 0 or greater (up to 40) in this field.
Min Special Characters
Minimum number of special characters that must be in the password. You must enter a value of 0 or greater (up to 40) in this field.
Max Pwd Tries
Defines how many times the user may try to log in with the wrong password before being locked out. You must enter a value of 0 or greater (up to 100) in this field. To allow users unlimited attempts to log in, set the Max Pwd Tries value to zero (0).
When a user tries logging in with the wrong password after this number of attempts, the message Invalid Login will display and the user will not be able to log in until his or her password is reset and/or changed.
This setting applies to:
The Password field on the Login form
The login screen for viewing an Ad Hoc Report with a REST URL
The Password field for kiosk events in a client terminal
This setting does not apply to the Change Password form in the Self Service menu.
The count of the number of incorrect passwords entered is based on all three of the forms listed above. For example, your Max Pwd Tries is 5 and you have entered the wrong password 4 times when logging into the application. You then enter the wrong password 1 more time when logging into an Ad Hoc Report. The next time you try to log into the web application, an Ad Hoc Report, or a kiosk event on the client terminalw, the message Invalid Login will display. This message will continue to display regardless of whether you enter the correct password or not. Your password will need to be reset.
Reset Pwd Tries
Number of times the user is allowed to enter the wrong Old Password in the Change Password option in the Login screen. This tab is used to change a password that has expired or been reset. If a user exceeds the number of Reset Pwd Tries, the Change Password Failed message will continue to appear and the password will have to be reset again.
You must enter a value of 0 or greater (up to 100) in this field.
For example, a person’s password is reset and the temporary password is temp. In the person’s Password Profile, Reset Pwd Tries is set to 3. The person goes to the Change Password option in the Login screen and, forgetting his temporary password, enters the wrong Old Password three times. On the fourth attempt, the person remembers his temporary password is temp and enters it in the Old Password field. However, when the person clicks Save, the Change Password Failed message still appears because the person has exceeded the Rest Pwd Tries. The person’s password will have to be reset again.
Update Date, Updated By
These fields display when the record was created or updated, and the person who created or updated the record.
Click Main Menu > Configuration > Security > Password Profile.
Use the Password Prof Name field at the top of the form to enter the name of a specific Password Profile you want to find.
You can use the * or % wildcard symbol to search using partial values in the Password Prof Name field. The wildcard symbol can be placed anywhere in your search value to represent unknown characters. For example, to find Password Profiles that start with the letter b, enter b* in the Password Prof Name field. To find Password Profiles that include 007, enter *007* in the Password Prof Name field.
Click Find.
The records that match your search criteria will display.
Click Main Menu > Configuration > Security > Password Profile.
Click Add.
Complete the fields on the Add Password Profile form. See Password Profile Field Descriptions for details.
Click Save.
Click Main Menu > Configuration > Security > Password Profile.
Select the record you want to duplicate and click Copy.
Modify the fields (see Password Profile Field Descriptions for details).
Click Save.
Click Main Menu > Configuration > Security > Password Profile.
Select the record you want to modify and click Modify.
You can modify any of the fields except the Password Profile Name (see Password Profile Field Descriptions for details).
Click Save.
Click Main Menu > Configuration > Security > Password Profile.
Select the record you want to delete and click Delete.
Click OK to confirm the action.
Note: You cannot delete a Password Profile if it has been assigned as a system setting, employee group setting, or employee setting.