Change preferences for password lockouts, resets, and related settings.

1. To revise standard password lockout email verbiage:
   1. Select Admin > Portal Settings > Email Configuration.
   2. Select Email Options.
   3. Locate the Account "Lockout" Email Verbiage setting.
   4. Select Edit Text. Default lockout email verbiage is shown.
   5. Revise the text and select Save.
2. To revise password lockout preferences:
   1. Select Admin > Portal Settings > Security / Login.
   2. Select Log In Page.
   3. Locate the setting called Failed Password Lockout – Number of failed password attempts before the user is locked out on next attempt.

      Enter the number of failed password attempts allowed on the login page (a minimum of 5 is recommended). The System and Security Admin can unlock user accounts from the User Access page.

   4. Locate the setting called Password Reset Preferences.
      Indicate how password reset emails are sent to users:

      • E = email only: Reset link is sent to the email on file in the PR Employee or HR Resource profile in Vista.
      • S = SMS only: Users receive the reset link in an SMS text message.
        Note: You must have configured SMS text messages in order to use this option. See SMS Messages through the Portal for details.
      • ES = email if populated, SMS secondary: Allows you to use either email or SMS based on the employee's setup.
      • SE = SMS if populated, email secondary: Allows you to use either SMS or email based on the employee's setup.
3. To revise password reset preferences:
   1. Select Admin > Portal Settings > Security / Login > General Configuration.
   2. Locate the setting called Require users to change password on first login after admin resets password.

      Enable this setting to require users to change their password if it has been created or changed by a System or Security Admin on the User Access page. For example, at their first login or following a password reset.

   3. Locate the setting called Maximum number of days between password resets.
      This setting allows you to force users to change their passwords on a regular basis:

      • Enter the number of days allowed between password resets. For example, 90.
      • The number of days must be a value of at least 1 and at most 99,999. A value of null is also permitted.
      • Days are counted from the last password reset.
      • This setting is specific to logins with an employee number and does not impact SSO or AD logins.

      If this setting is left blank, users will not be required to change their passwords but will have the ability to change them at any time.

   4. Locate the setting called Number of days before password expiration to show warning on Home Page.

      If you are forcing password resets on a regular basis, this setting allows you to warn users a specified number of days ahead of time. For example, if you enter 20, a warning shows on the Home page 20 days prior to an impending password reset.