Configuring Passwords, Password Requirements or Settings
Protect your users' accounts by requiring a number of capital letters, digits, and more in their passwords.
View User Password Details
Go to Users > your identity pool.
Select the user for whom you want to check the password details:
When it was last updated.
When it expires.
Force Password Reset or Change Upon User's Next Login
Go to Users > your identity pool.
Select the user for whom you want the password to be reset.
Select Manage.
Select:
Force Reset Password - the user is forced to reset their password (go through forgot password flow) next time they try to sign in.
Once the user provides their email/phone and password, they get a prompt forcing them to go through the Forgot Password Flow. They need to provide their email or phone. Once they do that, they are asked to provide a new password and a verification code sent to their email/phone.
The user cannot successfully access the application until they reset their password.
Force Change Password - the user is prompted to change their password during their next login. Typically used in scenarios where the users are provided with a temporary password and they need to create a new and secure password upon their initial login.
Once the user provides their email/phone and their password, they are authenticated but are forced to change their password. Once the password is changed, the user can access the application.
Initiate Password Reset
Go to Users > your identity pool.
Select the user for whom you want the password to be reset.
Select Manage > Initiate Reset Password.
In this scenario, the user gets an email informing them that SecureAuth has received a request to reset the user's credentials. The user is asked to reset their credentials without even attempting to log in.
Set Requirements for User Passwords
Go to Users > your identity pool > Sign-in and Sign-up.
Expand the Password Policy menu and set up password preferences in accordance with your organization's policy.
You can enforce:
Number of capital letters.
Number of lowercase letters.
Number of digits.
Number of special characters.
Number of most recent passwords that cannot be reused.
Minimal password length.
Number of days after which the password expires.
Save Changes.
Result: Your users are now required to set passwords that meet the password policy configured for the identity pool. The policy is applied only to the pool you have just configured. To apply it to other pools as well, repeat the steps for each pool.
Configure Password Expiry Periods
It is recommended to set up a password expiry period to enhance the security of your platform by ensuring that users change their passwords at regular intervals.
Go to Users > your identity pool > Sign-in and Sign-up.
Expand the Password Policy menu and configure the Expires After option.
When a password expires, the user is automatically forced to reset it to a new password. Setting the value to 0 disables the password expiration policy, so the password never expires.
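The following added example (not SecureAuth code) models the Password Policy options and the Expires After setting described above, so you can check candidate passwords and expiry dates against a planned policy before configuring the pool. The field names, the definition of a special character as any non-alphanumeric character, and the PBKDF2 password history are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring the Password Policy menu options.
    capital_letters: int = 1
    lowercase_letters: int = 1
    digits: int = 1
    special_characters: int = 1
    recent_passwords_blocked: int = 3  # most recent passwords that cannot be reused
    min_length: int = 12
    expires_after_days: int = 90       # 0 disables expiry

def hash_password(password, salt=None):
    # PBKDF2 is used for illustration; the product's own storage is not documented here.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def violations(policy, password, history):
    """Return the names of violated rules; history is [(salt, digest)], newest first."""
    found = []
    if len(password) < policy.min_length:
        found.append("length")
    checks = [
        ("capital_letters", str.isupper),
        ("lowercase_letters", str.islower),
        ("digits", str.isdigit),
        ("special_characters", lambda c: not c.isalnum()),  # assumed definition
    ]
    for name, predicate in checks:
        if sum(1 for c in password if predicate(c)) < getattr(policy, name):
            found.append(name)
    # Only the N most recent entries are blocked; older passwords may be reused.
    for salt, digest in history[: policy.recent_passwords_blocked]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            found.append("reuse")
            break
    return found

def is_expired(policy, last_updated, now=None):
    if policy.expires_after_days == 0:  # 0 means the password never expires
        return False
    now = now or datetime.now(timezone.utc)
    return now >= last_updated + timedelta(days=policy.expires_after_days)
```
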