Password Policies

Password Policies

Admins can set up a password policy either on an app-by-app basis, or on an account-by-account basis. Password policies can be customised to force passwords to be a specific length and/or include special characters. 
Password policies are also where admins can choose to hide the updated password from the user and can also choose to enforce the policy for all users.

Password Generator

My1Login's Password Generator automatically generates long, random, high-entropy passwords for users’ web applications during the registration process on compatible web sites. This feature can be enabled for all applications, by enabling the “Allow Generic Password Change” option on the Settings panel in the Administration portal.

A standard password change form will look like this without the password generator: 

With the password generator, the user will see this:

Users will be able to automatically generate and store new passwords with My1Login. In addition to this they don’t need to do this twice as at the same time the new password is saved with the respective third party website.

Password Options within the generator allow users to be able to change how their passwords generate by changing what characteristics, this includes:
  1. Requirement for Uppercase Characters
  2. Requirement for Lowercase Characters
  3. Requirement for Numeric Characters
  4. Requirement for Special Characters
  5. Length of Password

Forced Application Password Change

This feature allows admins to force users to update their passwords automatically either based upon age of when it was last changed or password strength requirements.
The My1Login team will  configure a password change script on your behalf. 

Enabling Forced Password Change

As an admin, you can enable automation around when a user has to change their password either time lapsed or by password strength requirements.

  1. In the admin portal, navigate to Apps | Applications
  2. Within Web Applications find the web app you wish to enable password change on and highlight it
  3. Click on the shield icon to view dialogue box:
    1. Forced Password Change successfully enabled:

    2. No Forced Password Change Script:

Setting Password Rules

Password policies set in My1Login should align with the minimum requirements of the third party application.

My1Login provides the following options for password rules within a password policy:
  1. Requirement for Uppercase Characters
  2. Requirement for Lowercase Characters
  3. Requirement for Numeric Characters
  4. Requirement for Special Characters
  5. Minimum Length
  6. Maximum Length
  7. Hide Updated Password From User
  8. Applies To All Users
  9. Disable Generic Password Change
  10. Force Expiry
  11. Enforce Policy Compliance
  12. Force Change On Next Login
  13. Allow Manual Password Update
Requirement for ““ Characters: The Requirements for characters specify their respective character type.
““ Length: Minimum and maximum length of the generated password.
Hide Updated Password From User: When a password is updated through the password policy, it can no longer be viewed in plain text by the user.
Applies to All Users: The policy is set to all users on the account.
Disable Generic Password Change: The password generator does not appear on the third party sites password change page.
Force Expiry: After a set number of days, the auto password change is ran for that user the next time they log into the site.
Enforce Policy Compliance: The policy settings for the required characters are guaranteed in the password generation.
Force Change On Next Login: The next time a user logs into the third party site, their password is changed via the password change page.
Allow Manual Password Update: Users are allowed to update their password using the password generator on their own accord.

Obscuring Passwords

With both automatic password change and with sharing credentials, passwords can be hidden from the user’s view. Within the password policy for automatic password change there is an option called “Hide Updated Password From User“, the next time users update their password, they will not be able to view the password.

My1Login's automatic password change functionality relies upon the third party site not changing the necessary links and structure