The Password defaults allow practices to set a higher level of system security for tighter information control or to meet regulatory compliance requirements. With the enhanced password security settings, you can add a new level of security to your Cornerstone practice management system by managing password strength and duration requirements.
Before you start
- Defaults – Practice
- Change Passwords
- Before activating enhanced passwords, update all existing administrator passwords to the anticipated minimum password length.
- This will avoid an invalid password entry message when logging in for the first time with enhanced passwords.
- Once in place, admins can log in and update user passwords as needed.
- Activating enhanced passwords takes effect immediately and users with passwords that do not meet the specified criteria, will not be able to log in or change their passwords.
Set up password defaults
Navigate to Controls > Defaults > Practice and Workstation > Password.
Note: Do not turn on enhanced passwords until at least one administrator user’s password meets the set criteria so they can log in and update other existing passwords not meeting the criteria without issue.
- Select Use Enhanced Passwords to set password strength and duration requirements. When this option is selected, each password must contain a combination of three of the following:
- Uppercase letter
- Lowercase letter
- Special character (e.g., !@#$% or space)
- Specify the enhanced password requirements within your practice using the following settings:
- Minimum password length: Password must be at or more than the specified minimum character length to be valid. Passwords less than 3 characters or more than 30 characters are not permitted.
- Password history: Password cannot be the same as the last __ passwords used.
- Minimum password age: Password must be __ days old before it can be changed.
- Maximum password age: Password must be changed every __ of days.
- Click Apply to save your changes and continue setting defaults or click OK to save your changes and close the window.
- Change passwords security is for only the logged in user to change their own password.
- Password rules are based on use of enhanced passwords.
- Password entry is only case sensitive when using enhanced passwords.
- Users will receive applicable notice when entering/changing password that does not meet the specified criteria set in the defaults.
Example: Maximum password age reached, password reused within designated history, etc.