Enabling Strong Passwords

Version 20.5
Path: Admin tab > Global Preferences > Security tab

Overview

Enabling strong passwords is a way to apply a defined list of password settings for all users. Click here to review OP's recommendations for creating and maintaining Strong Passwords. 

WarningIf an Administrator changes the password requirements for users by either disabling or enabling Strong Passwords, all user passwords will need to be reset.

Enable Strong Passwords

  1. Navigate to the Security tab of the System Preferences window by following the path above.
  2. Select the Use strong password validation checkbox.
  3. Complete the password rules. Once rules are saved, if any of the rules are not followed during password creation, the password will be denied. These rules do not operate independently. Meaning, you must enable strong passwords in order to set all of the rules. The image below is followed by a description of what each setting means as it relates to what is entered in each field: 

  • Users must enter a password of 8 or more characters.
  • If a user enter an incorrect password 3 times in a row, their login will be disabled.
  • If a user resets their password, and it is one of the last 6 passwords used, they will be prompted to enter another password.
  • User must wait at least 7 days before changing their password again. This prevents the quick recycling of passwords to get back to a previously used password.
  • Users must change their passwords every 30 days. 

NoteThe value entered in the Minimum # of days setting must always be less than the value entered in the Maximum # of days setting.

  • The user will be reminded 5 days before the 90 day maximum (set in the rule above) that their password is about to expire.

Re-enable Disabled Users

Users are automatically disabled when they have exceeded the number of consecutive login attempts (per the set rules) or when a user’s Login ID is changed. In the latter scenario, OP will also remove that user from all Membership categories in the Security Administration window. Users can be re-enabled by a Practice Administrator. To re-enable a user:

  1. Navigate to the Security Settings window:  Admin tab > Security Administration.
  2. Select the user from the Users column in the left panel of the window.
  3. Right-click the user's name and select Edit User.
  4. Select the Enabled checkbox.
Version 20.4
Path: Admin tab > Global Preferences > Security tab

Overview

Enabling strong passwords is a way to apply a defined list of password settings for all users. Click here to review OP's recommendations for creating and maintaining Strong Passwords.

WarningIf the Strong Password feature is disabled or enabled, all user passwords will need to be reset. 

Enable Strong Passwords

  1. Navigate to the System Preferences window by following the path above.
  2. Select the Use strong password validation checkbox. 
  3. Complete the password rules. Once rules are saved, if any of the rules are not followed during password creation, the password will be denied. These rules do not operate independently. Meaning, you must enable strong passwords in order to set all of the rules. The image below is followed by a description of what each setting means as it relates to what is entered each field: 

  • The user must enter a password of 8 or more characters
  • If the user enters an incorrect password 3 times in a row, the login will be disabled.
  • If a user resets the password, and it is one of the last 6 passwords used, the user will be prompted to enter another password.
  • If a user resets the password, the user will not be permitted to reset the password within the next 90 days. This keeps a user from quickly recycling a password.

Note: Given the setting of the Minimum # of days the user cannot, in one sitting, change the password 6 times to get back to their original password. The user must set the password and then wait 90 days before setting the password again.

Re-enable Disabled Users

Users are automatically disabled when they have exceeded the number of consecutive login attempts (per the set rules) or when a user’s Login ID is changed. In the latter scenario, OP will also remove that user from all Membership categories in the Security Administration window. Users can be re-enabled by a Practice Administrator. To re-enable a user:

  1. Navigate to the Security Settings window:  Admin tab > Security Administration.
  2. Select the user from the Users column in the left panel of the window.
  3. Right-click the user's name and select Edit User.
  4. Select the Enabled checkbox.