Setting Up Login and Password Policies in Connect Pro

As an Administrator, you can edit your login and password policies for your Connect Pro account. To edit these policies, simply login to your account and from the Administration tab, choose Users and Groups, and then Edit Login and Password Policies.

On this screen, you will see:

1. Option to change the Login Policy. By default, this policy is set to use the user's email address as their default login.

If you select "No" you can use other login schemes for user accounts.

If this is set after the majority of users have already been created, the users' logins will remain the preset email addresses until manually changed. Note that users do not have the ability to change their login names with this option checked.

2. Password Policies:

In this section, you have the option to:

3. Have passwords expire every x amount of days (If you leave this option blank, passwords do not expire)

4. Require a certain character to be in a password

5. Require that passwords contain a number

6. Require that passwords contain a capital letter

7. Set the Minimum and 8. Maximum password length.

These policies will also show up as a hint when a user chooses to reset his or her password:

All of these password policies can play a role in the strength of passwords required by Connect Pro. If passwords expire after a set amount of days, users will not be able to use the same password they are using for other systems, such as their LDAP login. However, this means that they might forget their new password more often. If passwords require a certain character, number or capital letter, this prevents users from choosing a common word or phrase as a password. Passwords that are standard words or a combination of words are very easy to crack, as opposed to passwords with assorted characters, numbers or capital letters.

Minimum password length can also strengthen the users' choice of passwords simply by offering more potential combinations of passwords.

If desired, these policies can be set so they are similar to your LDAP password policies, so that users may use the same password for their LDAP and Connect Pro login.

Overall, it is best practice to consult your IT security department before setting these policies.

If you do not have a password policy in place, here are some external resources you can consult to learn more about password policy best practices.