Mandatory password change

You can configure mandatory password changes:

• for all employees and users in BILLmanager;
• for a specific employee or user.

You can also configure the platform to check that when a user attempts to change their password, it matches:

• the user's login or email address;
• previous passwords.

With this configuration, users and employees see a notification about the need to change the password at the time of authorization.

To configure password change upon the next employee authorization:

1. Go to the Provider → Staff menu.
2. Select an employee.
3. Click Change password.
4. Click Ok.

To configure password change upon the next user authorization:

1. Go to the Clients → Users menu.
2. Select the employee.
3. Click Change password.
4. Click Ok.

To configure changing passwords for all employees or users:

1. Go to the Provider → Password settings menu.
2. Set the Password complexity level:
   • do not check;
   • weak;
   • good;
   • strong.
     Read more about password strength levels in Configuration file.
3. Enable the Require employees to change password option. When enabled, fill in the fields:
   1. Warn after — the time in days after which BILLmanager issues a warning to the employee about the need to change the password.
   2. Block after — the time in days after which the employee must change the password to continue working in the system.
   3. Exclude employees — specify separated by spaces the IDs of employees who will not need to change the password upon the next authorization.
4. Enable the Require users to change password option. When enabled, fill in the fields:
   1. Warn after — the time in days after which BILLmanager issues a warning to the user about the need to change the password.
   2. Block after — the time in days after which the user must change the password to continue working in the system.
   3. Exclude users — specify separated by spaces the IDs of users who will not need to change the password upon the next authorization.

5. Set the date in the Do not block till field. This is the date until which the access of employees and users will not be blocked if they have not changed the password.

   Example

   For example, the user set a new password on 01.01.2021. The administrator specified the parameters "Warn after 25 days", "Block access after 30 days", and "Do not block access until 2021-03-31" in the settings. Starting from 26.01.2021, upon authorization, the user will see a notification about the need to change the password. If the user does not change the password before 31.03.2021, the user's access to the platform will be blocked.
6. Compare password with login/email — enable this option to prevent users from setting a password that matches their login or email.
7. Compare the new password with the previous ones — enable this option to compare the new password with previous passwords when changing a password. If this option is enabled, in the Password history depth field, specify the number of recent passwords to compare the new password with.