Password Management For Admins
This article explains the password options you control in the LMS and the protections that run automatically in the background.
⚠️ These controls are provided to help meet organizational compliance objectives. Your quality/regulatory team should determine final suitability for your use.
What the LMS does automatically behind the scenes:
- Password Requirements: By default, every password must meet all of the following:
- be at least 8 characters long
- contain at least one uppercase letter
- contain at least one lowercase letter
- contain at least one number
- contain at least one special character
- Maintained weak-password lists: New passwords are checked against one or more curated lists of common weak choices (e.g., a 10k list). Exact matches are blocked automatically.
- Block easily-guessed passwords: Enables screening so the system rejects common weak passwords and close variants. If a weak password is entered, text will appear: “Password error. The password you selected is similar to a commonly used password and is not secure. Please change it and try again.”
- “Too-similar” detection: The system rejects passwords that are only a couple of small edits away from a weak one (e.g., p@ssword, !password1 are treated like password). This uses a standard edit-distance check (two or fewer changes).
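The screening described above, sketched as an added example (not the LMS's own code): it applies the default complexity rules, then rejects anything within two edits of a weak-list entry. The weak list is a constructed sample, and case-sensitive comparison and the use of `string.punctuation` for "special character" are assumptions.

```python
import string

# Constructed sample list; the LMS's real curated lists are not shown in this article.
WEAK_PASSWORDS = {"password", "Password1", "qwerty123", "letmein"}
MAX_EDITS = 2  # "two or fewer changes", per the article


def complexity_errors(pw):
    """Return the default requirements (from the article) that pw fails."""
    checks = [
        (len(pw) >= 8, "at least 8 characters"),
        (any(c.isupper() for c in pw), "an uppercase letter"),
        (any(c.islower() for c in pw), "a lowercase letter"),
        (any(c.isdigit() for c in pw), "a number"),
        # Assumption: "special character" means ASCII punctuation.
        (any(c in string.punctuation for c in pw), "a special character"),
    ]
    return [msg for ok, msg in checks if not ok]


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def similar_weak_password(pw):
    """Return the first weak entry within MAX_EDITS of pw, else None."""
    for weak in sorted(WEAK_PASSWORDS):
        # A length gap larger than the budget can never match; skip the DP.
        if abs(len(pw) - len(weak)) <= MAX_EDITS and edit_distance(pw, weak) <= MAX_EDITS:
            return weak
    return None


def check_password(pw):
    """Return (accepted, reasons) after applying both layers."""
    reasons = complexity_errors(pw)
    if similar_weak_password(pw) is not None:
        reasons.append("too similar to a commonly used password")
    return (not reasons, reasons)
```

`Password1!` satisfies every complexity rule yet is still rejected here, which is why the similarity check is a separate layer rather than part of the character-class rules.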
What you can configure:
Admins can require periodic password changes to help keep learner accounts secure.
- Password expiration: Turn it on and choose how often users must change passwords (commonly 60–90 days for learners; shorter for admins). When a password expires, the user is prompted to reset it before continuing. Users are sent an email detailing the password changes and will need to confirm the password change.
- This option lives under Admin Dashboard > Settings > Site Personalization > Site > Options.
- The recommended default is 90 days.
- Account actions: When needed, force a password reset for a single user or disable an account (e.g., off-boarding or suspected compromise).
- These options can be found when viewing a learner's profile.
- When changing a password for a learner, it must be entered twice to ensure it's correct, and a validation checker appears to ensure the password meets the requirements.
- Use Force Password Change to make the password temporary, so your learner can change it to one they prefer.
- Domain Restrictions: The LMS allows an admin to create a list of blocked domains, ideal for ensuring only certain types of email addresses are used to register.
- This option lives under Admin Dashboard > Messages > Email Settings.