What is Password Policies feature and how to set it up?

Password Policies feature allows you to have full control over passwords used by users on your site.

How to set up this feature

Before you start using this feature, please note that it requires PHP v5.4+ version.

To set Password Policies feature, you need to enable it first, and then configure the following functionalities (options) you want:

  • Prevent Pwned Passwords - Prevent use of ‘pwned passwords’
  • Minimum Strength - Enforce minimum password strength
  • Password Expiration - Expire all passwords forcing all users to reset their passwords after they next login
  • Apply To Existing Users - Apply these policies retrospectively to existing passwords forcing users to update passwords when they login again

The all options can be found under the main navigation menu > Security Zones > Users zone Configure All 'Users' Options link > Password Policies tab.

Password Policies options explanations

Option: Prevent Pwned Passwords

When enabled, this option prevents users from using any passwords found on the public available list of "pwned" passwords.

Option: Minimum Strength

When enabled, all passwords that a user sets must meet the minimum strength. To set the minimum strength, select one from the list.

Option: Password Expiration

When enabled, users will be forced to reset their passwords after the number of days specified.

Next time they try to login they'll be warned and prompted to update their password:

To disable this option, set the value to Zero(0).

Option: Apply To Existing Users

When enabled, this option will apply password policies to existing users and their passwords. It will force existing users to update their passwords if they don't meet requirements, after they next login.

Note: ShieldPRO is required for the all options except ‘Pwned Passwords’. To find out what the extra ShieldPRO features are and how to purchase, please follow this link here.

To learn more about the Password Policies feature and its importance, please read the blog release here.

To find out how to apply Shield' Password Policy for your site users logins, read the article here.