Articles in this section

See more

Create a Domain Password Policy

  • Updated

Secure user's information with greater control over password requirements.

Note: If you set up Single Sign-On (SSO) for Pearson Connexus using SAML or CAS and checked the Prevent users from using Pearson Connexus credentials box, you aren't able to set up a password policy using Pearson Connexus.

To set your password policy:

  1. Select More from the Header menu and then select Domain Settings.

Screenshot of the More menu with the drop-down menu expanded.

  1. Locate the Authentication-password policy card and complete the following sections:
  • password lockout, expiration, and reset settings
  • volatile password-strength settings
  • basic password-strength settings
  • Multi-factor authentication

Save when you have finished.

  • Note: It may take up to 15 minutes to apply password-policy changes.  

Screenshot of the Authentication-password policy card.

Policies and enforcement appear to users in the Change password screen.

Screenshot of a user's Change Password screen. Policies for passwords appear in the window.

Password Lockout, Expiration, and Reset Settings

As part of your password policy, you can control when users are locked out of their account, how lockouts work, if and when passwords expire, and how often users can reuse a previously used password.

You are asked to define:

  1. The number of unsuccessful login attempts before lockout. This number must be between 1-100.
  2. The number of minutes until lockout expires.
    • By default, lockouts don't expire, meaning admins must override them.
    • If you enter a number, it must be a positive, whole number.
  3. The number of days until passwords expire. By default, passwords don't expire.
  4. The number of days to wait before you can reuse a password. By default, there is no wait.
  5. The number of days to wait before locking out stale accounts (accounts without login). By default, there is no lockout for stale accounts.

Screenshot of the Authentication-password policy card. Numbered markers indicate the located described by the bullets above.

Volatile Password-Strength Settings

Your volatile password-strength settings are intended to help users secure their accounts. These are called volatile because future events can occur, making previously secure passwords no longer secure.

You are able to specify:

  1. The Minimum-allowed password strength (entropy). This is a numeric measure of how easily a password can be discovered in an attack; the greater the entropy number, the stronger the password. A strength of 64 or higher is recommended. Select Help me choose to learn more.
  2. Any Domain-specific words that weaken password strength. Here you can enter terms that users might be tempted to use, but would weaken the password (e.g., the name of the platform or the name of their school).
  3. The action you want Pearson Connexus to take when users have passwords that don't conform with your Volatile password-strength settings. Options include combinations of warnings or requirements users get when logging in or changing passwords:
    • None
    • Warn on password change
    • Require on password change
    • Warn on login and require on password change
    • Require on login and require on password change
  4. The desired level of Reject known-breached password enforcement. If the password appears in a database of compromised passwords, Pearson Connexus can be set up to take any of the following actions:
    • None
    • Warn on password change
    • Require on password change
    • Warn on login and require on password change
    • Require on login and require on password change

Screenshot of the Volatile password-strength card. Numbered markers correspond with the bullets above.

 

Basic Password-strength Settings

Your Basic password-strength settings include:

  1. The Minimum password length in characters. This number must be between 1-100
  2. The Minimum character classes used, up to four (a-z, A-Z, 0-9, other).
  3. The action you want Pearson Connexus to take when users have passwords that don't conform with your Basic password-strength settings. Options include combinations of warnings or requirements users get when logging in or changing passwords:
    • None
    • Warn on password change
    • Require on password change
    • Warn on login and require on password change
    • Require on login and require on password change

Screenshot of the Basic password-strength card. Numbered markers correspond with the bullets above.

Policies and enforcement appear to users in the Change password screen.

Image of the change password screen with the updated domain password settings in effect.

ISO Duration Designators

ISO durations use one-letter designators and a simple format to indicate standardized time intervals. To enter a duration:

  1. Enter P (period) if you want to use days, weeks, months, or years as your unit of time, and PT (period, time) if you want to use seconds, minutes, or hours.
  2. Enter the number of units that you want to use.
  3. Enter the desired time unit designators:
    • D (days), W (weeks), M (months), Y (years) if you used P.
    • S (seconds), M (minutes), H (hours) if you used PT.

Enable Students to Change their Passwords

  1. In Domain Settings, locate the Student Options card.
  2. Check the box next to Allow students to change their password.

Image of the Domain Settings screen with the Student Options card showing. The option for Allow students to change their password is highlighted.

Multi-factor Authentication

Multi-factor authentication provides an additional layer of security for users by requiring them to use a second device with an authentication app to log into their account.

Enable Multi-factor Authentication (MFA) Login for Users

Screenshot of the MFA screen in Domain Settings.

Additional Articles

 

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles