What is Password Policies feature and how to set it up?
Password Policies feature is a part of the Shield's User Management module. It allows you to have full control over passwords used by users on your site.
How to set this feature
Before you start using this feature, please note that it requires PHP v5.4+ version.
To set Password Policies feature, you need to enable it first.
And then enable the following functionalities (options) you want:
- Prevent Pwned Passwords - Prevent use of ‘pwned passwords’
- Minimum Strength - Enforce minimum password strength
- Password Expiration - Expire all passwords forcing all users to reset their passwords after they next login
- Apply To Existing Users - Apply these policies retrospectively to existing passwords forcing users to update passwords when they login again
Password Policies options explanations
Option: Prevent Pwned Passwords
When enabled, this option prevents users from using any passwords found on the public available list of "pwned" passwords.
Option: Minimum Strength
When enabled, all passwords that a user sets must meet the minimum strength. To set the minimum strength, select one from the list.
Option: Password Expiration
When enabled, users will be forced to reset their passwords after the number of days specified.
Next time they try to login they'll be warned and prompted to update their password:
To disable this option, set the value to Zero(0).
Option: Apply To Existing Users
When enabled, this option will apply password policies to existing users and their passwords. It will force existing users to update their passwords if they don't meet requirements, after they next login.
Note: ShieldPRO is required for the all options except ‘Pwned Passwords’. To find out what the extra ShieldPRO features are and how to purchase, please follow this link here.
To learn more about the Password Policies feature and its importance, please read the blog release here.
To find out how to apply Shield' Password Policy for your site users logins, read the article here.