In CloudBlue Commerce, you can set up password expiration options for users (staff members and service users) belonging to all CloudBlue Commerce account types (provider, reseller or customer). Such policies can be set separately for each account type. For details about account and user concepts in CloudBlue Commerce, refer to this section.
After a user's password expires, during the next login attempt (with the correct credentials) a user is redirected to the login screen, where the password expiration notification is displayed.
Changing passwords on a regular basis is a security measure designed to protect users' data from unauthorized access. You can set up the ultimate level of password protection using the combination of the password expiration and password quality options.
Password expiration settings are configured by CloudBlue Commerce users for their subordinate account users (for example, by a reseller for their customers) using password expiration policies, which define:
- The length of time after which a user's password expires
- The ability for a subordinate account user to change (overwrite) the policy set for their account type (you may lock or unlock the policy for editing).
Password expiration settings defined for subordinate accounts and a provider or reseller's own users are propagated to their control panels as password expiration defaults, which can or cannot be overwritten (depending on whether the policy was locked or not locked for editing).
Settings defined for reseller account type are propagated to resellers' subordinate resellers and customers.
It is also possible to regulate the length of users' password history storage period (system-wide), to avoid the situation when a user specifies the same password several times within a short time period. For details about configuring and managing all these options, read the subsections below.