As of version 6.4 farmerswife supports configuring Password Policies that apply globally to all user passwords (it does not affect other system passwords, such as Server Password or Invoice Manager Password).
Please note - This functionality does not currently apply to Resource Contacts with Web Access, you would still need to De-activate then Activate the Web Access for the Resource, to prompt them to add a password, which would then be required to meet the Password Policy rules)
In addition, as of version 6.5 it is also possible to Force Password Change On Next Login and to Exclude Users From Expire Password.
Access the Password Policies options either from:
Server > Setup > Users tab > Password Policies section at the bottom
Desktop Client > Toolbox > Settings > Server Setup (if User has “Server Setup” permission enabled) > Password Policies section at the bottom
Password Policies Configuration options:
The default for all options is "0", meaning disabled. Reset to 0 to disable.
- Attempts Limit: to set the allowed number of attempts to log in
- Lock Time (Sec.): to set the seconds the user will have to wait to try and log in again, after failing to enter a valid password (used in combination with Attempts Limit)
- Min Length: to set the minimum number of characters the password should have
- Max Length: to set the maximum number of characters the password should have
- Lowercase Letters: to set the number of lowercase characters the password should have
- Uppercase Letters: to set the number of uppercase characters the password should have
- Numbers: to set the number of numeric characters the password should have
- Special Characters: to set the number of special characters the password should have
IMPORTANT: These are the 14 supported and usable "special characters": !@#$%^&*()_+/ and space
Note! From 7.1 there are new restrictions on using space as leading or trailing character. The relevant warning will show on "Change your password" popup.
- Expiration Days: to configure the number of days before the password should expire (see further down how to Force Password Change On Next Login).
- Previous Password Limit (7.1): Allows to set up the number of previous passwords, that can not be re-used when changing password. For example: if 5 is added, user will not be able to use his last 5 passwords.
To activate this functionality:
Once an expiration number of days is configured, all active users will be prompted to change their password on next login. See also how to force password change on next login further down.
When connecting via the farmerswife Desktop Client application, the user will first get prompted to change the password and as he clicks "OK", he is presented with the set "Password Policy" rules. All set requirements first have to be met, before using the "OK" button to allow access to the system.
When connecting via iOS farmerswife app, Web Client or Mobile Web Client, the users will also be prompted from version 7.0 release ( 7.0.1000-8-gebdcb530f) onwards right at login and will be presented the password policy rules:
Changing the password via the Modify User window (either through Server > Setup > Users tab, or Desktop Client > Object Manager), or via the Modify Password (Desktop Client > Settings > Miscellaneous), also presents the set Password Policy rules.
Also in Desktop Client > Toolbox > Settings > Miscellaneous > next to Modify Password, the user can see info on when password expires.
Force Password Change on Next Login:
This option allows forcing users to change their password on the next login.
Two best practices would be to force reset whenever a user forgets his password so the system requires a new secure password not known to Admin who performed the reset.
Secondly, when updating Password Policies, farmerswife does not force users to update their passwords immediately, so the Admin would use this option to have all users change password at the next login.
To use this option, click on the Force Password Change On Next Login button to open the “Select Users To Force Password Change”, and move the users from the Not Selected pane on the left to the Selected pane on the right.
Note: After you added selected users to the "Selected" pane and press OK to close the window, when re-opening the list is cleared. But the previously selected users will have the Force Password change on next login.
Exclude Users from Expire Password:
This option is especially intended to be used for third-party system integrations when a special farmerswife user is needed and the password should never expire.
Clicking on this button will open the "Select Users To Exclude From Password Expiry". Simply, move the users from the "Not Selected" pane on the left to the "Selected" pane on the right to set the exclusion from the "Expire Password Policy".