You can find this section under Security > Admin Passwords in the IRP Admin left navigation menu.
The Admin Password section allows you to change various settings such as the length and complexity of passwords. NOTE that several of the values that you set on this page will affect what Admin Users see on the AdminUserEdit.aspx page. For example, if you set ‘Minimum Password Length’ to ‘8’, the Password Policy section on AdminUserEdit.aspx will state ‘Minimum password length: 8 characters’.
You can change the following settings:
Setting |
Description |
Account Lockout Settings |
Number of failed login attempts before lockout |
This value defines the number of failed login attempts that an IRP Admin user is allowed before they are locked out of their account.
We recommend that you set this to a low value, and no more than 5 attempts. |
Number of minutes to suspend account for |
When an IRP Admin user is locked out because of too many failed login attempts, this setting defines for how long the user is automatically locked out of their account before he or she can attempt to log in again. We recommend that you set this value to at least 30 minutes. |
Password Policy |
Maximum Password Age (Days) |
This is the maximum number of days allowed before a user has to change their password. It is good security practice to change your password periodically.
0: No requirement to change passwords periodically.
1+: The user must change their password after this number of days.
We recommend that you set this value to at least 42 days (6 weeks) and at most 90 days (~ 3 months). |
Minimum Password Age (Days) |
This is the minimum number of days allowed before a user can change their password again.
0: No restriction.
1+: The user cannot change their password until this number of days has elapsed.
We recommend that you set this value to at least 1 day. |
Number Of Previous Passwords To Remember |
This defines the number of passwords that the IRP will hold for any given Admin user and therefore recognise if a user has used a password previously. This means that the user cannot use the same password again until they have changed their password at least this number of times. You should combine this setting with the Minimum Password Age (Days) setting to stop users changing their password the required number of times immediately so that they can use their same password again.
0: No history.
We recommend that you set this value to at least 4 passwords. |
Password Complexity |
Minimum Password Length |
This is the minimum length that a user's password must be.
0: No minimum length.
1+: Passwords must be at least this number of characters long.
We recommend you set this setting to at least 8 characters. |
Password Must Contain Number |
Check this box if you want all IRP Admin user passwords to contain at least one number.
We recommend that you check this box. |
Password Must Contain Special Character |
Check this box if you want all IRP Admin user passwords to contain at least one 'special' character.
A special character is not a number or a letter — examples of special characters are: '!', '$', '%', '^', '&', '*'.
We recommend that you check this box. |
Password Must Contain Uppercase and Lowercase Characters |
Check this box if you want all IRP Admin user passwords to have an upper case character AND a lower case character. Note that Admin passwords are case sensitive.
We recommend that you check this box. |
Password Must NOT Contain Obvious Values |
Check this box if you do not want all IRP Admin user passwords to contain strings that could be guessed easily (for example, Username, First Name, Surname, City, County, Country, Company Name or Email Address. When a user tries to use an obvious string in their password, they will be stopped and informed about what they need to change.
We recommend that you check this box. |
Force All Users To Change Passwords |
Click the Force Change Passwords button to force all users to change their password. They will be forced to change their password the next time that they log in to IRP Admin. All new passwords will be forced to comply with the password policy above. You should do this if you have made a change which increases your password complexity. |
If you change any of the settings above, click the Update Password Settings button to save your changes.