Account Password Overview - Vanilla Success
<main> <article class="userContent"> <p>This article covers everything you need to know about <strong>passwords </strong>in <strong>Higher Logic Vanilla (Vanilla)</strong>. </p><h2 data-id="password-requirements">Password requirements</h2><ul><li>Password strength in your Vanilla community is determined by its <strong>length</strong>. The <strong>default minimum password length</strong> is <strong>12</strong>.</li><li>Numbers and special characters (!, @, etc.) are not required.</li></ul><h3 data-id="are-these-default-requirements-strong-enough-for-my-site">Are these default requirements strong enough for my site?</h3><p>While these default password requirements may seem limited, the logic behind this implementation is as follows:</p><ul><li>Password requirements that are too strict may deter some people from registering.</li><li>Logging in to your Vanilla Community is rate-limited to about one attempt per second. This technique helps prevent bots and bad actors from guessing passwords by brute force.</li><li>While not forced upon them, users can still choose a strong password. Users are empowered to choose a stronger password by showing them the complexity of their choice as they type it (<em>too short</em>, <em>good</em>, <em>strong</em>).</li></ul><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/8Q801VJHDB45/password-strength-example.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/8Q801VJHDB45/password-strength-example.png" alt="password_strength_example.png" height="137" width="1070" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <h3 data-id="why-aren't-special-characters-required">Why aren't special characters required?</h3><p>Some sites require numbers and special characters (!, @, etc.) for their passwords. This is not consistent with current best practices for the following reasons:</p><ul><li><em>Character variety</em> has less impact on password strength than <em>password length</em>.</li><li>Strict password requirements may conflict with the password generation of password-manager applications, which may result in less secure passwords.</li></ul><h2 data-id="update-your-account-password">Update your account password</h2><p>You can update your account password at any time. To do so:</p><p>1. Select <strong>Edit Profile </strong>from the profile menu.</p><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/N91RM606TDAW/access-edit-profile-page.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/N91RM606TDAW/access-edit-profile-page.png" alt="access_edit_profile_page.png" height="348" width="450" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <p>2. In the right sidebar, click <strong>Change My Password</strong>.</p><div class="embedExternal embedImage display-medium float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/8LEZY4FOIE0I/change-password-1.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/8LEZY4FOIE0I/change-password-1.png" alt="change_password-1.png" height="284" width="275" loading="lazy" data-display-size="medium" data-float="none"></img></a> </div> </div> <p>3. On the resulting page, enter your current password, followed by your new password (and confirmation). </p><p><strong>✔️ TIP</strong>: As you type, the <em>strength </em>of your password is indicated via the bar below the <em>New Password</em> field. Vanilla recommends using passwords that reach the "Strong" indicator. </p><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/JSYIURFMI4VU/change-password-2.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/JSYIURFMI4VU/change-password-2.png" alt="change_password-2.png" height="512" width="1070" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <p>4. Click <strong>Change Password</strong> to apply the update.</p><p><strong>📝 NOTE</strong>: Resetting your password clears all session data, meaning you'll now have to log in again on all your devices. If your password was compromised, this ensures a bad actor cannot stay logged in to your account on their device, as they'll be forced to log in again.</p><h2 data-id="update-default-minimum-password-length">Update default minimum password length</h2><p>With the default Vanilla community configuration, passwords must be a <strong>minimum </strong>of <strong>12 characters</strong> in length. Admins can, however, change this at any time.</p><p><strong>📝 NOTE</strong>: The minimum cannot be fewer than 8 characters.</p><ol><li>Access the Dashboard.</li><li>Navigate to <strong>Settings > Technical > Security</strong>.</li><li>The <strong>Password Minimum Length</strong> field indicates your current minimum length. Enter your desired minimum length and click <strong>Save</strong>.</li></ol><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/FELTLA6I6THM/manage-minimum-pwlength.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/FELTLA6I6THM/manage-minimum-pwlength.png" alt="User: "manage_minimum_PWLength.png"" height="180" width="320" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <h2 data-id="forgot-password-process">Forgot password process</h2><p>Like most sites, your Vanilla community makes it easy to recover your password in the event you've forgotten it.</p><p>1. On the <em>Sign In</em> page, click the <strong>Forgot?</strong> link.</p><div class="embedExternal embedImage display-medium float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/BXXUX6I7SZJD/forgot-password-1.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/BXXUX6I7SZJD/forgot-password-1.png" alt="forgot_password-1.png" height="330" width="375" loading="lazy" data-display-size="medium" data-float="none"></img></a> </div> </div> <p>2. On the <em>Recover Password</em> page: </p><ul><li>enter your account email address, </li><li>check the <strong>I'm not a robot </strong>reCAPTCHA box, </li><li>and click <strong>Request a new Password</strong>.</li></ul><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/CCTOBBBQUJBL/forgot-password-2.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/CCTOBBBQUJBL/forgot-password-2.png" alt="forgot_password-2.png" height="294" width="450" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <p>3. Upon receiving the system-generated email, follow the enclosed prompts to recover your password.</p><p>🛑 <strong>IMPORTANT</strong>: The link in the password-reset email message is <strong>valid for 1 hour</strong>; then it expires and you have to re-request the reset.</p><p>✔️ <strong>TIP</strong>: Vanilla recommends that you give the request time to process. If you request a password reset <em>while one request is already in progress</em>, <strong>the second request invalidates the first request</strong>.</p> </article> </main>