Standard Password Requirements
These requirements are enforced on all accounts, and are not configurable.
- A password must have a minimum length of 8 characters.
- A password must contain at least one small letter, one capital letter, and one digit. (In other words, all three must be present.)
User Lockout
After 5 incorrect login attempts, the user will be locked out of Erply for 10 minutes.
(An administrator can end the lockout from the Settings > Users module in back office.)
Password Reset
A user can reset their own password if either of the following is true:
- Their username is an email address.
- There is an email address on their employee form.
When they request a password reset, a one-time link will be emailed to that address.
Account administrators can be notified about password resets. Depending on which system handles the password reset, the notification is either:
- emailed automatically to the general email address on the company card, or
- sent to recipients configured in back office, Settings > Configuration Admin > Login & Security Settings.
Optional Requirements
The following settings are available, and are configurable in back office, Settings > All Settings > Account Security Settings:
- A higher minimum length for administrators' passwords.
- A requirement that an administrator's password must contain at least one special character.
- Password history: users cannot reuse their most recent passwords (the previous 1 to 10, depending on the setting).
- Mandatory password changes (password expiry).
See the instructions for setting up mandatory password changes.
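As an added illustration (not Erply's code), the Python sketch below checks a candidate password against the standard rules and the optional administrator and history settings listed above, for example before bulk-provisioning accounts. The `Policy` fields, the reading of "special character" as ASCII punctuation, and the salted PBKDF2 history store are assumptions.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


@dataclass
class Policy:
    min_length: int = 8                # standard rule, not configurable
    admin_min_length: int = 8          # optional: higher minimum for administrators
    admin_needs_special: bool = False  # optional: special character for administrators
    history_depth: int = 0             # optional: 1..10 previous passwords, 0 = off


def hash_password(password, salt=None):
    """Return (salt, digest). History keeps these, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def violations(password, policy, is_admin=False, history=()):
    """Return every rule the candidate breaks; an empty list means accepted."""
    problems = []
    required = policy.min_length
    if is_admin:
        required = max(required, policy.admin_min_length)
    if len(password) < required:
        problems.append(f"shorter than {required} characters")
    if not any(c.islower() for c in password):
        problems.append("no small letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    # Assumption: "special character" means ASCII punctuation.
    if is_admin and policy.admin_needs_special:
        if not any(c in string.punctuation for c in password):
            problems.append("no special character")
    # Re-hash the candidate with each stored salt and compare in constant time.
    recent = history[-policy.history_depth:] if policy.history_depth else ()
    for salt, digest in recent:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches a recent password")
            break
    return problems
```

`history` is ordered oldest to newest, so only the last `history_depth` entries are compared.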
Two-Step Authentication
Instructions for setting up two-step authentication are available here.