Password options in satisfy military-grade security requirements and can be made as strict or lenient as you require. Users are often granted access to change their own passwords, but the default settings only allow admin users to change other users’ passwords.
Creating secure passwords is very important. For passwords to be resistant to attack and malicious users, they should adhere to several guidelines:
All power user accounts should be secured with such passwords, especially those in the Admin group. If you wish to give end user accounts simple passwords for their convenience, then these users should be severely restricted in their permissions. For example, you might only allow them access to a single record form to complete. If you allow end users to modify existing records or view sensitive data, they should be given secure, attack-resistant passwords.
For the most secure passwords, we recommend requiring a minimum password length of 12–14 characters with at least one uppercase, one lowercase, one numeric, and one symbolic character.
The Password Field wizard is used for creating new Password fields and editing existing Password fields. To access the wizard, navigate to the Fields tab of a Table wizard and select New > Password, or edit an existing Password field.
The wizard is very similar to other Field wizards, with General, Options, Permissions, and Display tabs. Only the Options tab contains unique settings, which determine the password requirements mentioned above, as well as additional options that improve password security:
Password fields, like other data types, allow for different settings on different subtables. For instance, the out-of-the-box KB has Employees and External Users subtables on the People table. If only employees log in to the system, it's reasonable to make the Password field required on the Employees subtable but not the External Users subtable.
In other cases, you may want to require longer and stricter passwords for employees and let end users create passwords with fewer characters and requirements. Although this option provides useful flexibility, every unique password configuration requires additional future maintenance.
By default, only admin users are able to change other users' passwords. Admin users are also able to change the password of the admin console for on-premise installations.
Non-admin users are able to manage their own passwords once they have logged in to the system. For more information on this process, see Change Passwords.
Changing Other Users' Passwords
In some cases, admins may want or need to change the passwords for other users in the system. Use the following steps to change another user's password:
All on-premise installations are given the same default admin console password, so it's critical to change the password during the initial installation:
Each out-of-the-box knowledgebase is automatically populated with a number of sample users. Sample users are given easy-to-remember and therefore insecure passwords by default. These passwords should be changed if you plan to keep these user records. You can also simply delete the sample users, with some exceptions.
Three users are essential for certain functionalities and should never be deleted: anonymous, register, and guest. The system also contains four admin-level users that should be given highly secure passwords: admin, busadmin, ewsystem, and system.