Setup
To enable these features, navigate to to the Company Settings page and click on the Security tab. The Password Expiration Policy has been moved from the Company tab to the Security tab. The Security tab has multiple settings but the ones relevant to this article are under the User Password Settings heading.
โ
Once on the Security tab, it is possible to change the Password Expiration Policy. Options include every 90 days, every 365 days and never. For the most secure system, every 90 days should be selected.
You may also choose to enable the Secure Password and User Account Policies. These will require complex passwords and will disable login after multiple failed attempts or after 90 days with no account login.
How it Works
If the Password Expiration Policy is set to 90 or 365 days, a user will be forced to change their password on the next login following expiration of the password.
If the Secure Password and User Account Policies are enabled, then it is required that the Password Expiration Policy be set to 90 days. Furthermore, if an employee account has not been accessed in 90 days, their login will be disabled. An employee with administrative privileges will need to navigate to the employee page and re-enable login for their account (see red rectangle below). If an employee's account has too many failed login attempts, then their login is frozen for 30 minutes or until an admin unfreezes their account (see green rectangle below).