Can WebCATS users manage their own passwords?
Yes! But only if a WebCATS administrator allows it from WebCATS' global configurations, as shown in the next graphic. In fact, there are many password settings that administrators can take advantage of to make password management (1) more convenient for the database's users and (2) more secure. Each of these settings is discussed next.
Allow user password change?
When the Allow user password change? configuration is set to "Yes," users can update their passwords at any time from their WebCATS home page (i.e. dashboard), as shown in the next graphic.
.gif)
Note: This first setting must be active in order for the other password management settings to be available.
Allow user password reset?
When the Allow user password reset? configuration is set to "Yes," users that have forgotten their passwords can request a password reset from the login page. Because this is a less secure action than changing a password after logging in, WebCATS requires that the user provide an e-mail address when requesting a password reset. If the e-mail address provided by the user matches an e-mail address stored in a user account record, the password is successfully reset and the user is e-mailed a new random password. If WebCATS cannot find a matching e-mail address (or if there are multiple active user accounts all referencing the same e-mail address), the user is told to contact a WebCATS administrator for assistance.
.gif)
User Password Expiration
WebCATS administrators can enforce auto-expirations of user passwords to reduce the chance of password compromise simply by entering a number of days into the User password expiration field. When this configuration is in place, a user's home page will display how many days are left until their password expires. If a user logs in past the allotted number of days, they will be required to change their password before they can perform any other activity within WebCATS.
Note: To manually force password expiration for an account (perhaps the password was compromised), a WebCATS administrator can go into the user's account record (found under Manage|Accounts) and remove the date from the Last Password Update field. The next time that user logs in, they will be required to change their password before proceeding with their normal WebCATS' activities.
Minimum Password Length and Password Complexity
WebCATS administrators can force password strength by using the Minimum password length and Password complexity fields in combination.
Want more? Browse our extensive list of WebCATS FAQs.