Start FileCloud FREE Trial
Log in

Password Settings

Beginning with FileCloud 23.241, the New Accounts Must Change Password setting is enabled by default.
Prior to FileCloud 23.241, the New Accounts Must Change Password setting was disabled by default.

Beginning with FileCloud 23.241, the Skip password change on first login setting is disabled by default.
Prior to FileCloud 23.241, the Skip password change on first login setting was enabled by default.

 The following settings are applicable for the default FileCloud Admin, the Team Folder account and user accounts.


This section explains the password settings available in FileCloud installation.

To view or change the password settings:

  1. Open the Password settings page.
    1. In the FileCloud admin portal's left navigation bar, scroll down and click Settings. Then, on the Settings navigation page, click Misc .
    2. In the inner navigation bar on the left of the Settings page, expand the Misc menu, and click Password, as shown below.

    The Password settings page opens.

  2. Change any of the settings according to your security requirements.

    Type

    Description

    Minimum Password LengthEnforces minimum character length for password (Applies to local account and NOT to AD/LDAP accounts). Default value is 14.
    Enable Strong Passwords

    Enabling this will require the password to contain at least one uppercase, lowercase, number and a special character in the password. Checked by default.

    Applies only to local account and not to AD/LDAP account.

    Disallow Commonly Used PasswordsPrevents users from using commonly used passwords for their user accounts. Enabled by default. For more information, see Restrict Commonly Used Passwords.
    Incorrect attempts before account lockout

    For higher security, if users try logging in with the wrong password for more than the times specified here, their account will be locked out and they cannot login even if they type in their correct password. Default value is 5.

    A value of 0 means account lockout with wrong password is disabled.

    Account Lockout length in MinutesSpecifies time the account is locked out if wrong password is entered multiple times as specified in the option for max incorrect attempts. Default value is 5.

    A value of 0 means lockout is disabled.
    Disallow user login with passwordThis setting will disallow login for user accounts. DEFAULT allows login with password for all users.
    User Password Expires In Days

    If a value above 0 is entered, when a new user is created or when a password is changed, an expiration date for the password is added automatically.

    NOTE: Automatic email notifications are sent to the user 7 days and 1 day before the actual password expiry date.

    New accounts must change passwordWhen enabled, this setting forces new users to change their password on initial login, with the following exceptions:
    • When the user creates the new account through a registration form (the user adds a password in the form).
    • When the user has an AD account (the user is automatically assigned an AD password).
    • When the user logs in using SSO.


    Default is enabled.

    Skip password change on first loginDo not require password change on first login for accounts created during shared and new signups. Default is disabled.
    Number of previous passwords that cannot be reusedSpecifies the number of previous passwords that cannot be reused when password is changed. A value of 0 indicates that there are no restrictions.
    Reset password attempt intervalInterval in minutes between consecutive reset password attempts. Default is 5.

    0 indicates that there is no restriction.
    Send reset password email

    Allows you to create an email that is automatically sent to a user when an admin resets the user's password. There is no default email; when this is enabled, email subject and email content fields appear.

    Email subject     is set to Password Changed! but may be changed. The note in Enter the text of the email below must be entered.

    Disabled by default.

  3. Click Save.

Setting Account Locked Alerts

By default, FileCloud is set to not send an email message to the user or admin to notify them that the account has been locked due to incorrect login attempts. However, you may change this setting.

To change the Account Locked Alert setting:

  1. In the FileCloud admin portal's left navigation bar, scroll down and click Settings. Then, on the Settings navigation page, click Admin .
    The Admin settings page opens.
  2. Scroll down to the Send account locked email setting.
  3. In the drop-down list, choose one of the following settings:
    No Email - Neither the user nor the admin receives an email notification about the user account lockout.
    Email User - The user receives an email notification about their account lockout but the admin does not.
    Email User and Admin - Both the user and the admin receive an email about the user account lockout.