Set Password Reset properties

You can specify properties that configure the Password Reset experience for end users.

Before you begin

Role required: password_reset_admin

About this task

While there are no range limits for the values you can enter for properties, consider using only positive integer values starting at 1. When you determine the limit for the upper range of a property, consider the task that the user is performing.

For example, you would not want to allow 100 attempts for users to verify their identity. A more common value is 3 attempts. Similarly, you may not want to force users who are completing the enrollment process to spend time selecting and answering 30 security questions. The more commonly used number of security questions is between 5 and 7.

Procedure

  1. Navigate to Password Reset > Properties.
  2. Update settings as needed and then click Save.
    Table 1. Password reset properties
    Text on the Password Reset properties page Name Description
    Password Reset Global properties
    Workflow polling frequency password_reset.wf.refresh_rate Time period between checks on status of the workflow.
    • Type: integer
    • Default value: 90000 (milliseconds)
    Workflow expiration password_reset.wf.timeout Maximum wait time, in milliseconds, for the workflow to execute. The workflow is triggered during the password reset request when the user clicks Submit.
    • Type: integer
    • Default value: 500 (milliseconds)
    Disable CAPTCHA validation functionality password_reset.captcha.ignore Enables or disables CAPTCHA functionality.
    • Type: true|false
    • Default value: false

    The Password Reset application uses Google re-CAPTCHA as the default CAPTCHA service. To use the base system CAPTCHA, change the password_reset.captcha.google.enabled system property to false.

    See Configure Google reCAPTCHA

    Password Reset Request properties
    Number of unsuccessful attempts allowed for resetting/changing password password_reset.request.max_attempt Number of password reset attempts a user has before they are locked out for a period determined by the value in max_attempt_window.
    • Type: integer
    • Default value: 3 (attempts)
    Number of minutes a user needs to wait for resetting/changing password after exceeding the maximum allowed unsuccessful attempts password_reset.request.max_attempt_window Time period that users are blocked or prevented from changing their passwords after trying the maximum number of times.
    • Type: integer
    • Default value: 1440 (minutes)
    Number of minutes a user needs to wait to reset/change password after the last successful reset/change password_reset.request.success_window Time period that a user must wait after successfully resetting the password to reset the password again.
    • Type: integer
    • Default value: 1440 (minutes)
    Number of minutes a user needs to wait to start a reset request after the last successful unlock account password_reset.request.unlock_window Time period that a user must wait after a successful unlock operation before starting a new request.
    • Type: integer
    • Default value: 1440 (minutes)
    Number of minutes before a password reset request expires password_reset.request.expiry Time period that a user is allowed to perform the password reset process.
    • Type: integer
    • Default value: 10 (minutes)
    Password Reset Security Question properties
    Minimum number of characters in any answer password_reset.qa.ans_min_len Minimum number of alphanumeric characters that the user must enter in the answer text box for any security question.

    Default value: 3 characters

    Number of security questions required during the password reset request password_reset.qa.num_reset
    Number of questions that a user must answer to verify identity during the password reset process.
    • Type: integer
    • Default value: 3 (questions)
    • Possible values: integers that are less than the number specified for the num_enroll property.
    Note: You can override this security question property by adding the num_reset parameter in the security question verification.
    Number of security questions required during enrollment password_reset.qa.num_enroll
    During the enrollment process, the number of questions that a user must answer to be enrolled in the password reset program.
    • Type: integer
    • Default value: 5 (questions)
    Note: You can override this security question property by adding the num_enroll parameter in the security question verification.
    Password Reset SMS Code properties
    Maximum number of SMS codes sent for verification per day password_reset.sms.max_per_day
    Maximum number of SMS codes that are sent to a user within one 24-hour period. The 24-hour period begins when a user clicks Send Code.
    • Type: integer
    • Default value: 10 (per day)
    Note: You can override this SMS code property by adding the max_per_day parameter in the SMS code verification.
    Number of minutes before the user can attempt to send another SMS code for verification password_reset.sms.pause_window
    Time that must pass before another SMS code can be sent to a user.
    • Type: integer
    • Default value: 2 (minutes)
    Note: You can override this SMS code property by adding the pause_window parameter in the SMS code verification.
    Number of digits in the SMS code sent to the user password_reset.sms.default_complexity
    Number of characters required for a user to reset their password.
    • Type: integer
    • Default value: 4 (digits)

    You can override this SMS code property by adding the complexity parameter in the SMS code verification.

    Number of minutes before the SMS code expires password_reset.sms.expiry
    Time, in minutes, until the SMS code sent to the user expires.
    • Type: integer
    • Default value: 5 (minutes)
    Note: You can override this SMS code property by the expiry parameter in the SMS code verification.
    Password Reset Monitoring and Reporting properties
    Time interval, in minutes, for counting blocked users password_reset.activity_monitor.incident_window Time window to count the number of blocked users.
    • Type: integer
    • Default value: 60 (minutes)
    Number of blocked users, in the defined time interval, that triggers a system log event password_reset.activity_monitor.incident_threshold Number of blocked (or locked) users, within the specified time window, that triggers a system log event.
    • Type: integer
    • Default value: 10 (blocked users)