Under Registration and login options, set up how your website users register and log in. For example, you can set a minimum character length for passwords on your website and configure the program to temporarily lock an account after a set number of failed login attempts.
| 1. | In the Member login page field, select the web page from Pages & templates to automatically appear as your website’s login page. |
Warning: When you have multiple websites, make sure you select the login page for the same site as this setting. For example, you select Registration and login options for Site B. In the Member login page field, make sure you select the login page for Site B. If you select the login page for Site A, users do not have access to Site B.
| 2. | Select Require complex passwords to apply additional password security. A complex password must contain at least eight characters, including one upper-case and one lower-case letter, and either a special character or a number. |
When you select Require complex passwords, the Password minimum length field and Passwords are case-sensitive checkbox are disabled.
Note: Users with Supervisor rights must always enter a complex password.
Note: To help you comply with the Payment Card Industry Data Security Standard (PCI DSS), users with Supervisor rights must change their passwords at least every 90 days. Supervisor users are logged out of the program automatically when it is idle for more than 15 minutes. To avoid this, select the Remember me checkbox when you log in to the program. In addition, new passwords cannot match one of the last four passwords entered by the user.
| 3. | In the Password minimum length field, enter the minimum number of characters to allow for passwords. To not require a password and allow users to register and log in with only a user name, enter “0.” |
Note: If you enter “0” in the Password minimum length field, when you click Save, the field’s background color changes to red. This visual reminder indicates that users do not need to enter a password to access your website.
| 4. | To make passwords case-sensitive, select Passwords are case-sensitive. This checkbox applies only to new members. |
| 5. | In the Lock account after attempts field, enter the number of attempts to allow the user to log in correctly. For example, to lock an account after three failed attempts, enter “3.” |
To keep an account available regardless of the number of failed attempts, enter “0.”
Note: You can unlock a user’s account in Users & Security. For more information, see View and edit a user.
| 6. | In the Account lockout duration field, enter how long, in minutes, the program should lock an account after its user reaches the failed login attempt limit. |
To keep an account available regardless of the number of failed attempts, enter “0.”
| 7. | Under Email opt-in, select Opt in new users to receive email messages to set a default for new users to accept email messages from your organization. You can place a User Email Preferences Form part on your website to allow users to change the default. This setting does not affect notifications or acknowledgements. |
Note: In some cases, legal restrictions may prohibit you from sending email messages to users by default. To require website users to opt in to receive email messages, clear Opt in new users to receive email messages and create a User Email Preferences Form part for users to subscribe to email messages. For information about the User Email Preferences Form part, User Email Preferences Form.
Note: When you import offline users, the email setting associated with those users overwrites the online default setting.
| 8. | To save the settings, click Save. |