How do I change the password settings in HIFIS?

There are two distinct places where some values can be changed:

Front-End

This can be configured by a HIFIS Administrator. If that describes you, here are the instructions you’ll need:

  1. Using the Administration Menu, click on Application Settings.
  2. In the Password Age Limit (days) field, enter the number of days after which users are prompted to change their password, or leave the field blank for no prompt.
  3. In the Email link expiry (days) field, enter the number of days a password recovery email link is valid for before it expires. In other words, when a user clicks the “Forgot Password” button and is emailed a new password, how long do they have to click the link in their email before the link expires?
  4. In the Password Complexity Help Message field, add in some text for users to let them know what the password complexity requirements are. However, you are just providing a message here; a DBA must modify the web.config file on your server to actually change the password complexity rules.

Back-End

This can be configured by your Database Administrator (DBA), or someone with access to make changes directly on the server.

If that describes you, here are the instructions to modify these settings:

  1. Locate your Domain\web.config file (located in the Domain folder)
  2. Search for the string StandardMembershipProvider. The matching element should look something like this:
    <membership defaultProvider="StandardMembershipProvider">
    <providers>
    <add name="StandardMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
    </providers>
    </membership>
  3. Replace the values you would like to change. In particular, the minRequiredPasswordLength and minRequiredNonalphanumericCharacters are likely the values you’ll be changing first!