Password Settings

Beginning with FileCloud 23.241, the New Accounts Must Change Password setting is enabled by default.
Prior to FileCloud 23.241, the New Accounts Must Change Password setting was disabled by default.

Beginning with FileCloud 23.241, the Skip password change on first login setting is disabled by default.
Prior to FileCloud 23.241, the Skip password change on first login setting was enabled by default.

 The following settings are applicable for the default FileCloud Admin, the Team Folder account and user accounts.


This section explains the password settings available in FileCloud installation.

The settings can be accessed by

  1. Log into FileCloud Administration Portal
  2. Click on Settings in the left navigation panel
  3. Click on Misc tab 
  4. Click on Password tab
  5. Change settings as needed
  6. Click Save.






Type
Description
Minimum Password LengthEnforces minimum character length for password (Applies to local account and NOT to AD/LDAP accounts). Default value is 14.
Enable Strong Passwords

Enabling this will require the password to contain at least one uppercase, lowercase, number and a special character in the password. Checked by default.

Applies only to local account and not to AD/LDAP account.

Disallow Commonly Used PasswordsPrevents users from using commonly used passwords for their user accounts. Checked by default. For more information, see Restrict Commonly Used Passwords.
Incorrect attempts before account lockout

For higher security, if users try logging in with the wrong password for more than the times specified here, their account will be locked out and they cannot login even if they type in their correct password. Default value is 5.

A value of 0 means account lockout with wrong password is disabled.

Account Lockout length in MinutesSpecifies time the account is locked out if wrong password is entered multiple times as specified in the option for max incorrect attempts. Default value is 5.

A value of 0 means lockout is disabled.
Disallow user login with passwordThis setting will disallow login for user accounts. DEFAULT allows login with password for all users.
User Password Expires In Days

If a value above 0 is entered, when a new user is created or when a password is changed, an expiration date for the password is added automatically.

NOTE: Automatic email notifications are sent to the user 7 days and 1 day before the actual password expiry date.

New accounts must change passwordWhen enabled, this setting forces new users to change their password on initial login, with the following exceptions:
  • When the user creates the new account through a registration form (the user adds a password in the form).
  • When the user has an AD account (the user is automatically assigned an AD password).


Default is enabled.

Skip password change on first loginDo not require password change on first login for accounts created during shared and new signups. Default is disabled.
Number of previous passwords that cannot be reusedSpecifies the number of previous passwords that cannot be reused when password is changed. A value of 0 indicates that there are no restrictions.
Reset password attempt intervalInterval in minutes between consecutive reset password attempts. Default is 5.

0 indicates that there is no restriction.
Send reset password email

Allows you to create an email that is automatically sent to a user when an admin resets the user's password. There is no default email; when this is checked, email subject and email content fields appear.

Email subject
is set to Password Changed! but may be changed. The note in Enter the text of the email below must be entered.

Unchecked by default.


Setting Account Locked Alerts

By default, FileCloud is set to not send an email message to the user or admin to notify them that the account has been locked due to incorrect login attempts. However, you may change this setting.

To change the Account Locked Alert setting:

  1. In the admin portal, go to Settings > Admin.
  2. Scroll down to the Account Locked Alert setting.
  3. In the drop-down list, choose one of the following settings:
    No Email - Neither the user nor the admin receives an email notification about the user account lockout.
    Email User - The user receives an email notification about their account lockout but the admin does not.
    Email User and Admin - Both the user and the admin receive an email about the user account lockout.