Docebo’s password policy ensures maximum security in order to protect your platform privacy. This article will outline how to manage your platform’s policy as an Admin, how to reset your password manually, how to reset a user’s password manually as an Admin, retrieving a lost password, and states specific password restrictions.
Managing the Password Policy as an Admin
As the Superadmin, you can apply a specific password policy to better fit your company’s needs. Begin by accessing the Admin Menu by scrolling your mouse over the gear icon in the top right corner of your platform. Then, press the Advanced Settings item in the Settings section. Once in the Advanced Settings menu, select the Password tab from the tab menu.
In the options menu, flag if you want to enforce the following options:
- Password must include both letters and numbers. Users will receive an error message if they try to create a password with only letters or only numbers. Additionally, they will receive an error message if they use three consecutive letters or three consecutive numbers.
- Password must be different from the username. Users will receive an error message if they try to create a password that matches their usernames.
- Force users to change their password at the first sign in. Users who self-registered in the platform will be prompted to change their passwords after the first log into the platform.
- Password dictionary check. This will check a dictionary to see if there are any common English words used in the password. If the dictionary finds a common word, the user will be asked to set a new password. If you do not flag this option, the check will not be performed, and users can use common English words in their passwords.
Then, you can use the corresponding text box to type in the minimum number of characters required for a valid password. Please note that the default minimum number of characters is 6, but this can be changed, as desired.
Next, type in the maximum number of days for which the password will be valid. Type 0 into the textbox if the password will be valid for an unlimited number of days. Finally, you can force the user to choose a password different from the last number of previously-used passwords. For example, a user cannot use a password that was within the last three passwords used by him or her.
Now, move to the Users tab of the Advanced Settings menu. Activate the Automatically Calculate Password option in the Options section to enable the platform to automatically generate a password for users, upon creation. When this option is selected, passwords are automatically generated both for users manually created, and for users created via API. The password will not be regenerated when users are updated.
Set the Maximum number of consecutively failed sign in attempts in the corresponding section. The default value for this parameter is 3; set it to 0 (zero) to leave your users an unlimited number of login attempts. When the maximum number of failed attempts is reached, all subsequent sign-in attempts will be blocked for 10 minutes. The block applies to the IP address from which the sign-in to the system was attempted.
Accessibility Hint: Consider setting this parameter to 1 only when it is strictly necessary. Having no opportunity to retype the password more than one time can be a great disadvantage for some users. Please refer to this article for further details on accessibility in your platform.
Once a user is logged into the system, they always have the option to reset their passwords.
Please note that if you are creating users via API as the Superadmin, none of the configurations that you set in the Advanced Settings menu related to the password policy will be applied to the users created via API.
Resetting My Password from Within the Platform (End Users)
If any user (End User, Power User, or Superadmin) needs to change the password he/she uses in his/her own Docebo platform, it is possible to do so from the main user menu. Access the User Menu from the menu icon in the top left corner of your platform, then press the pen icon. Now, open the Change Password tab on your profile page.
Then, in the Change Password tab, type your current password and your new password into the corresponding text boxes, then retype the new password into the text field below. Remember to fill out all mandatory fields (marked with asterisks). When you’re finished, press Save Changes. The page will refresh, and the new password will be saved.
For security reasons, the user will be logged out from the platform after he/she completes the password reset. In this way, in the event of a cyberattack, an attacker is not able to keep the platform session active and make changes to the user account to attack it.
Resetting a User’s Password (as an Admin)
As the Superadmin of a platform, if you’re needing to manually reset a user’s password, you can do so from the User Management page in your platform. Access your platform as the Superadmin, then scroll your mouse over the gears icon in the left sidebar. Press the Users item in the E-Learning section.
Now, find the user in the list of users on the bottom half of this page. Please note that you can use the search bar, advanced search function, or the filters at the top of the list, if necessary. Once you find the user, press the menu item at the end of the user’s row, then press the Edit item in the dropdown menu.
Then, in the slideout panel, type in the new password into the corresponding text box, then retype it into the text field below. You need to confirm that all mandatory fields (marked with asterisks) are filled out as well. When you’re finished, press Update. The user should use the new password upon the next log into the platform.
Retrieving a Lost Password
If you have lost your password or can’t access your platform (including your trial platform) with your password, you can reset your password by pressing the Forgot Your Password? item on your platform’s login page. In the pop-up box, type in your email address that corresponds to your user account in the platform and press Send. Docebo will send you a generic email to the email address that you entered. The email will include a link and instructions regarding how you can reset your password. You have 24 hours to reset your password from the time you press the corresponding button on the login form. After 24 hours, the reset link provided in the recovery password email is expired.
Please Note: To ensure your platform’s security, Docebo’s Learning & Support team cannot change the password of your Admin platform on your behalf. You must follow the instructions outlined above to reset the password of your platform. If you have more than one user with the same email address, the password reset email will be sent to the last user created with that email address. To avoid this issue, we recommend that you do not create multiple users in your Docebo platform using the same email address.
There are a few password restriction policies that are forcibly applied across all Docebo platforms. These policies cannot be changed. Passwords cannot contain:
- Only sequences or repeated characters (12345678, 22222222, abcdefg)
- Adjacent key placement (qwerty, asdfgh)
- Common, easily-guessable password terms (password, password123, admin, administrator)