Password policy settings reference
This page lists every field in the MapleGather password policy, its allowed values, and its default, found under Admin & Security → Security → Password policy.
Password strength
Section titled “Password strength”| Setting | Type | Allowed values | Default |
|---|---|---|---|
| Minimum length | Integer | 12 – 128 | 12 |
| Require uppercase letter | Boolean | On / Off | Off |
| Require lowercase letter | Boolean | On / Off | Off |
| Require digit | Boolean | On / Off | Off |
| Require special character | Boolean | On / Off | Off |
| Password history | Integer | 1 – 24 | 10 |
Minimum length floor: The system enforces a minimum of 12 characters. You cannot set a value below 12.
Password history: Prevents a member from reusing any of their last N passwords when setting a new one.
Account lockout
Section titled “Account lockout”| Setting | Type | Allowed values | Default |
|---|---|---|---|
| Max failed login attempts | Integer | 3 – 20 | 5 |
After N consecutive failed login attempts the account is locked. The locked account must be unlocked by an admin or via the password-reset flow.
Session lifetime
Section titled “Session lifetime”| Setting | Default | Applies when |
|---|---|---|
| Remember-me session | 14 days | Member checks “Stay signed in” at login. |
| Workstation session | 8 hours | Member logs in without “Stay signed in.” |
| Re-auth threshold for sensitive actions | 5 minutes | Member initiates a sensitive action (change password, add payment method, grant admin role) after a period of inactivity. |