Docebo’s password policy ensures maximum security in order to protect your platform privacy. This article will outline how to manage your platform’s policy as an Admin, how to reset your password manually, how to reset a user’s password manually as an Admin, retrieving a lost password, and states specific password restrictions.
Managing the Password Policy as an Admin
As the Superadmin, you can apply a specific password policy to better fit your company’s needs. Begin by accessing the Admin Menu by scrolling your mouse over the gear icon in the top right corner of your platform. Then, press the Advanced Settings item in the Settings section. Once in the Advanced Settings menu, select the Password tab from the tab menu.
In the options menu, flag if you want to enforce the following options:
- Password must include both letters and numbers. Users will receive an error message if they try to create a password with only letters or only numbers. Additionally, they will receive an error message if they use three consecutive letters or three consecutive numbers.
- Password must be different from the username. Users will receive an error message if they try to create a password that matches their usernames.
- Force users to change their password at the first sign in. Users who self registered in the LMS will be prompted to change their passwords after the first log into the platform.
- Password dictionary check. This will check a dictionary to see if there are any common English words used in the password. If the dictionary finds a common word, the user will be asked to set a new password. If you do not flag this option, the check will not be performed, and users can use common English words in their password.
Then, you can use the corresponding text box to type in the minimum number of characters required for a valid password. Please note that the default minimum number of characters is 6, but this can be changed, as desired.
Next, type in the maximum numbers of days for which the password will be valid. Type 0 into the textbox if the password will be valid for an unlimited number of days. Finally, you can force the user to choose a password different from the last number of previously-used passwords. For example, a user cannot use a password that was within the last three passwords used by him or her.
Now, move to the Users tab of the Advanced Settings menu. Activate the Automatically Calculate Password option in the Options section to enable the platform to automatically generate a password for users, upon creation. When this option is selected, passwords are automatically generated both for users manually created, and for users created via API. The password will not be regenerated when users are updated.
In the Maximum number of consecutively failed sign in attempts section, set a maximum number of consecutive failed login attempts. Please note that by putting 0 in this text box, you will set an unlimited number of login attempts. Please note that the default number is 3, but you can overwrite that number based on your preferences. Please Note: If the maximum number of failed attempts is reached, subsequent sign-in attempts will be blocked for 10 minutes. This blocking applies to the IP address from which sign-in to the system was attempted, such that all sign-in attempts from this IP address will be blocked from the system for 10 minutes.
Once a user is logged into the system, they always have the option to reset their passwords.
Please note that if you are creating users via API as the Superadmin, none of the configurations that you set in the Advanced Settings menu related to the password policy will applied to the users created via API.
Resetting My Password from Within the LMS (End Users)
If any user (End User, Power User, or Superadmin) needs to change their own password to their own Docebo platform, they can do so from the main user menu. Scroll your mouse over the menu icon at the top of the left sidebar, then press the Show Profile item underneath the user’s profile picture.
Then, in the pop up box, type in your new password into the corresponding text box, then retype it into the text field below. You need to confirm that all mandatory fields (marked with asterisks) are filled out as well. When you’re finished, press Save Changes. The page will refresh, and the new password will be saved. The user will not need to logout and log back into the platform, but should use the new password upon the next log into the platform.
Resetting a User’s Password (as an Admin)
As the Superadmin of a platform, if you’re needing to manually reset a user’s password, you can do so from the User Management page in your platform. Access your platform as the Superadmin, then scroll your mouse over the gears icon in the left sidebar. Press the Users item in the E-Learning section.
Now, find the user in the list of users on the bottom half of this page. Please note that you can use the search bar, advanced search function, or the filters at the top of the list, if necessary. Once you find the user, press the menu item at the end of the user’s row, then press the Edit item in the dropdown menu.
Then, in the slideout panel, type in the new password into the corresponding text box, then retype it into the text field below. You need to confirm that all mandatory fields (marked with asterisks) are filled out as well. When you’re finished, press Update. The user should use the new password upon the next log into the platform.
Retrieving a Lost Password
If you have lost your password or can’t access your platform (including your trial platform) with your password, you can reset your password by pressing the Lost Password item on your platform’s login page. In the pop up box, type in your email address that corresponds to your user account in the platform and press Send. Docebo will send you a generic email to the email address that you entered. The email will include a link and instructions regarding how you can reset your password. You have 24 hours to reset your password from the time you press the corresponding button on the login form. After 24 hours, the reset link provided in the recovery password email is expired.
Please Note: To ensure your platform’s security, Docebo’s Learning & Support team cannot change the password of your Admin platform on your behalf. You must follow the instructions outlined above to reset the password of your platform. If you have more than one user with the same email address, the password reset email will be sent to the last user created with that email address. To avoid this issue, we recommend that you do not create multiple users in your Docebo platform using the same email address.
There are a few password restriction policies that are forcibly applied across all Docebo platforms. These policies cannot be changed. Passwords cannot contain:
- Only sequences or repeated characters (12345678, 22222222, abcdefg)
- Adjacent key placement (qwerty, asdfgh)
- Common, easily-guessable password terms (password, password123, admin, administrator)