Skip to main content

Checkup Documentation

Force password policy on logon

cms-settingskey-force-password-policy-login

severity-high

Summary

Important Security Note: If your site has custom authorization configured this check may not be applicable.

Password Policies help keep your site secure by requiring newly created passwords to meet criteria set within the Kentico Xperience settings. The Force Password Policy setting forces existing users to update their passwords to match the password policy when they login ensures compliance across your site.


Check Logic

Constant Care for Kentico will ensure the Force password policy setting is turned on (default)

You can manage your settings for this checkup in the Constant Care for Kentico admin settings.


Verifying The Check

To determine whether your site's Password Policy is turned on you can navigate to the Settings Application and then find the Security & Membership > Passwords settings.

From there you will want to find the Password Policy section and verify whether the Force Password Policy On Logon checkbox is checked. We recommend that the Force Password Policy On Logon setting be turned on.

Changes to your site should only be made by an experienced Kentico Xperience developer. If you need assistance in making these changes please reach out to the Toolkit For Kentico team to be connected with a Kentico Xperience partner.