Wiki

    Contact support:

    Email: support@erply.com

    7 Dec, 2022
    Permalink:
    Also available in:EstonianFinnish

    Password Policy

    Standard Password Requirements

    These requirements are enforced on all accounts, and are not configurable.

    1. A password must have a minimum length of 8 characters.
    2. A password must contain at least one small letter, one capital letter, and one digit. (In other words, all three must be present.)

    User Lockout

    After 5 incorrect login attempts, the user will be locked out of Erply for 10 minutes. 

    (An administrator can end the lockout from the Settings > Users module in back office.)

    Password Reset

    A user can reset their own password if:

    1. Their username is an email address.
    2. Or, if there is an email address on their employee form.

    When they request a password reset, a one-time link will be emailed to that address.

    Account administrators can be notified about password resets. Depending on which system handles the password reset, the notification either:

    1. Gets emailed automatically to the general email address on the company card,
    2. or the recipients can be configured in back office, Settings > Configuration Admin > Login & Security Settings.

    Optional Requirements

    The following settings are available, and are configurable in back office, Settings > All Settings > Account Security Settings:

    1. A higher minimum length for administrators' passwords.
    2. A requirement that an administrator's password must contain at least one special character.
    3. Password history: users cannot reuse their previous 1...10 passwords.
    4. Mandatory password changes (password expiry).

    See the instructions for setting up mandatory password changes.

    Two-Step Authentication

    Instructions for setting up two-step authentication are available here.