FAQ for Logins and Passwords

This section answers frequently asked questions for logins and passwords.

Do Passwords Expire?

By default, the Password option is not enabled. When enabled, it is set to expire in 90 days, by default. Use Duration to enable password expiration.

The time when the user enables password expiration is relative to when the user account was created. For example, if admin creates a user named bob today, and in 15 days decides to enable password expiration with a 10-day limit, the user bob will be forced to change his password the next time he logs in.

What Happens After Unsuccessful Logins?

After 5 unsuccessful login attempts, login access is locked for 15 seconds.

Use the Lockout option to temporarily lock an account after every authentication failure, for a fixed period of time.

Note:  This option provides some protection from brute force attacks.

Can a User be Forced to Change Their Password?

There is not a way to force a user to change their password when they next log in.

Are Passwords Displayed?

Passwords are not displayed. Passwords are always hashed on the screen.

Who Creates Users and Passwords?

Only a user with an admin role can create user accounts and passwords.