The User Sign-In Policies interface allows you to choose how rigid or relaxed you want your User password enforcement to be. These settings were designed to be compliant with the GDPR requirements for the EU, but are also useful to all users worldwide.
Clicking the "Set GDPR defaults for European Union" link will populate the settings for you;
Session Timeout
Allows you automatically sign-out users that are inactive for more than X minutes.
Require strong passwords
Passwords must be 12 characters in length, with at least one number, one capital letter, and one special character.
Lock user on failed successive sign-ins
Allows you lock out a user after X number of failed sign-in attempts and choose for how long they will be locked out.
Cannot repeat old passwords
Allows you set whether or not to allow users to be able to re-use old passwords. If you choose this option you can decide how many of the most recent passwords used cannot be re-used. This number must be between 1 and 10.
Must change password every X days
Allows you force users to change their passwords.
Minimum password age
Allows you to set a time duration, in hours, before a password change can be made. This number must be 24 and 300.
Administrators can set user passwords
Allows you decide whether or not SI Administrators can set user passwords. If this option is not selected then a temporary password will be created when a new user is created.
Sync user sign-in policies to Mobile Install
Allows you enforce the rules above to the Mobile Install web interface.
Sync user sign-in policies to Customer Portal
Allows you enforce the rules above to the Customer Portal web interface.