Password Management


To enable the enforcement of password policy management, open the Board Server configuration panel and tick the “Manage passwords” check-box.



After enabling the checkbox, restart the service, the following policies will apply:


Change Password

- In the “insert/change password” screens, the password complexity is verified:

- Minimum 7 characters, and and must contain a number and a capital



Five Login Attemps

If a user types for 5 times a wrong password it is disabled for 30 minutes. In case the Admin resets the password (types a new one) the timer is also reset and the user can log-in immediately using the new password.



 Password expiry

All pwd expire after 90 days. After the expiry period, the user is forced to change his password and can’t proceed until the new pwd has been defined.


- The user can’t reuse an old password (history of last 5 passwords used).



Default Security Rules Edit

In the configuration file server_config_v2.xml it is possible to customize the following parameters of the policies:

ManagePassword="True" à if “False” then all policies are ignored, if set to “True” then all policies are enforced.

PasswordExpirationDays="90" à expiry period in of the password, in months.

MaxPasswordFails="5" à Number of allowed attempts before the locking occurs

RetryAfterMinutes="30" à Minutes of lock-out before new login attempts are allowed (unless password is reset).


if you change parameters in the XML file, remember to stop/start the Board service in order to apply the new values.

When an administrator gives the first password or resets a password, he can enforce a password change by ticking the check-box “ Force password change at next login”.