Skip to content

Password policy settings reference

This page lists every field in the MapleGather password policy, its allowed values, and its default, found under Admin & Security → Security → Password policy.

Setting Type Allowed values Default
Minimum length Integer 12 – 128 12
Require uppercase letter Boolean On / Off Off
Require lowercase letter Boolean On / Off Off
Require digit Boolean On / Off Off
Require special character Boolean On / Off Off
Password history Integer 1 – 24 10

Minimum length floor: The system enforces a minimum of 12 characters. You cannot set a value below 12.

Password history: Prevents a member from reusing any of their last N passwords when setting a new one.

Setting Type Allowed values Default
Max failed login attempts Integer 3 – 20 5

After N consecutive failed login attempts the account is locked. The locked account must be unlocked by an admin or via the password-reset flow.

Setting Default Applies when
Remember-me session 14 days Member checks “Stay signed in” at login.
Workstation session 8 hours Member logs in without “Stay signed in.”
Re-auth threshold for sensitive actions 5 minutes Member initiates a sensitive action (change password, add payment method, grant admin role) after a period of inactivity.