Versions Compared

Old Version 17

changes.mady.by.user Lou M (Unlicensed)

Saved on

compared with

New Version 18

changes.mady.by.user MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

In Abiquo, you can enforce your password best practice to improve user password security and usability. And you can allow users to reset their passwords.

The password options can:

  • Prevent users from changing between a set of common passwords

  • Ensure that users change their passwords periodically

  • Prevent users from quickly reverting to an old password

  • Require a minimum password length

  • Require complex passwords that do not contain the users name and include at least three of the following five categories: uppercase letters, lowercase letters, digits, non-alphanumeric characters and other unicode characters.

  • Deter multiple attempts to break into a user account

  • Allow users to reset their passwords and provide the URI for password reset.

Configure password reset

Optionally configure reCAPTCHA

...

Code Block
"client.captcha.publickey" : ""

Set the private key in abiquo.properties :

Code Block
abiquo.captcha.private.key=

...

Configure reset password email and URI

See Configure custom platform messages

Users can reset their password in the UI by clicking on the Forgot your password? link.

Image RemovedImage Added


You can configure the link address in the Configuration View, but if you do not wish to allow the user to reset their password, you should edit the client-config-custom.json file and set the client password recovery value to false.

...

When it is true, the default password reset link will open the following dialog.Image Removed

...


Password UI configuration

Set up passwords in Configuration view on the Password page: Image Removed

...

Click Edit to see more information about the range of values and the default. Image Removed

...

For full documentation see Configuration view#Security

...

When you create a user, you can select an option to ensure they reset their password on login.Image Removed

...


Locked users

A user that is locked out for too many failed login attempts is marked as Suspended in Users view in both the list view and the card view.Image Removed

...

The administrator can manually activate the account or the user can wait for the lockout period to end. Image Removed

...

API

Added to LoginResource


Password events

The Abiquo events related to passwords can be found in the  Users section of the Events table.