Setting Password Requirements and Expiring Passwords


See Also: Multifactor Authentication and Single Sign On Integrations


Password Requirements and Options

LegalServer enforces the following requirements for user account passwords.

  • Must have at least 1 letter and 1 number

  • Minimum length is 8 characters

  • Cannot be a series of letters ending with either 1, 12, 123, or 1234

  • Cannot be 1234abcd or 1234qwer

  • Special characters like ! @ # $ % ^ & * ( ) { } are supported, and probably encouraged by your agency.


Site administrators can require these additional elements by changing Site Settings > Security Settings:

  • Passwords must contain at least one upper case character

  • Passwords must contain at least one lower case character

  • Passwords must contain at least one special character


Changing any or all of these options to "Yes" will only affect newly chosen passwords.
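The rules above can be expressed as a checker, for example to pre-screen passwords in an import or onboarding script. This is an added example, not LegalServer's own code: the function name and messages are hypothetical, and it assumes the two banned passwords are exact matches and that "special" means any ASCII punctuation character.

```python
import re
import string

# Exact passwords the page says are rejected (assumed case-sensitive).
BANNED = {"1234abcd", "1234qwer"}
# A run of letters followed only by 1, 12, 123 or 1234 (e.g. "password1").
LETTERS_THEN_COUNT = re.compile(r"[A-Za-z]+(?:1|12|123|1234)")


def check_password(pw, require_upper=False, require_lower=False,
                   require_special=False):
    """Return a list of failed rules; an empty list means pw is accepted."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        failures.append("no letter")
    if not any(c.isdigit() for c in pw):
        failures.append("no number")
    if LETTERS_THEN_COUNT.fullmatch(pw):
        failures.append("letters followed by 1, 12, 123 or 1234")
    if pw in BANNED:
        failures.append("banned password")
    # Optional rules, off by default like the Security Settings options.
    if require_upper and not any(c.isupper() for c in pw):
        failures.append("no upper case character")
    if require_lower and not any(c.islower() for c in pw):
        failures.append("no lower case character")
    # Assumption: "special" means any ASCII punctuation character.
    if require_special and not any(c in string.punctuation for c in pw):
        failures.append("no special character")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ["password1", "qwerty1234", "1234abcd", "Tr1cky!pass", "short1a"]:
        result = check_password(sample, require_upper=True, require_special=True)
        print(sample, "->", result or "accepted")
```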


Expiring Passwords

LegalServer does not expire passwords by default. Password expiration is no longer recommended by NIST (SP 800-63B Section 5.1.1.2).


Site administrators can change this on the Admin > Site Settings page.


Users with an expired password are taken to the "Change Password" page after logging in.


Note: Selecting a password expiration takes effect immediately and applies retroactively. For example, if a site is not using password expiration and then selects 90 days, all users who have not changed their password in 90 days will be forced to change their password on the next login.