Welcome to the Janison Academy help portal

Passwords

Introduction

You can help protect your site by customising your password policy settings, including:

  • Requiring Users to change their password regularly,
  • Specifying a minimum length for passwords, and
  • Requiring passwords to meet certain complexity requirements.

At Janison we always recommend having a strong password policy. We recommend using at least the default password settings that were set up when your site was first established. Alternatively you may choose to make the password settings even stronger.

To manage password settings go to Settings > Password Settings.

There are five separate aspects that you can set. Click the chevron next to each one in order to see and edit the settings.

Complexity Rules

If Complexity Rules are enabled, passwords will need to meet the minimum requirements when they are created or changed. There are several options available to increase password security.

No minimum complexity

If this is selected, passwords will not be required to meet any complexity rules. This setting is not recommended as it allows Users to choose weak passwords that will make their accounts vulnerable. For example, passwords that contain only alphanumeric characters are extremely easy to discover using several publicly available tools.

Passwords must meet minimum complexity

If enabled passwords must meet the minimum requirements specified in the options below when created or changed.

Minimum password length

A numerical value is required in this field which will enforce the minimum length of a password. In this example passwords are required to be 5 characters or more.

Require an upper case letter

At least one upper case letter is required, for example A, B, C.

Require a number

At least one number is required, for example 0, 1, 2, 3, 4, 5, 6, 7, 8, 9.

Require a symbol

At least one symbol is required, for example ~!@#$%^&*()_+:";'<>?,./{}|[]\

Use generated password strength hint

This option should be selected if the complexity rules are left as the system default because the text matches the default settings. The message on the Change Password screen will appear as in the screenshot below.

Use custom password strength hint

This option should be selected if the complexity rules have been changed and therefore the hint needs to be changed to match. As above, the message on the Change Password screen will appear with the new text entered into this field.
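The sketch below is an added example, not Janison's code. It models the four complexity options and builds the hint from the same rules that are enforced, so the hint cannot drift from the policy. The ComplexityPolicy class, its field names and the hint wording are hypothetical, and the symbol set is an assumption taken from the example list under Require a symbol.

```python
import string
from dataclasses import dataclass

# Assumption: the accepted symbols are those in the page's example list.
SYMBOLS = set("~!@#$%^&*()_+:\";'<>?,./{}|[]\\")


@dataclass(frozen=True)
class ComplexityPolicy:
    """Hypothetical model of the Complexity Rules options."""
    min_length: int
    require_upper: bool = True
    require_number: bool = True
    require_symbol: bool = True

    def rules(self):
        """Yield (hint fragment, predicate) for every enabled rule."""
        yield (f"at least {self.min_length} characters",
               lambda pw: len(pw) >= self.min_length)
        if self.require_upper:
            yield ("an upper case letter",
                   lambda pw: any(c.isupper() for c in pw))
        if self.require_number:
            yield ("a number",
                   lambda pw: any(c in string.digits for c in pw))
        if self.require_symbol:
            yield ("a symbol",
                   lambda pw: any(c in SYMBOLS for c in pw))

    def failures(self, password: str) -> list[str]:
        """Return the hint fragment of every rule the password fails."""
        return [text for text, ok in self.rules() if not ok(password)]

    def hint(self) -> str:
        """Build the strength hint from the rules that are enforced."""
        parts = ", ".join(text for text, _ in self.rules())
        return f"Passwords must contain {parts}."


if __name__ == "__main__":
    policy = ComplexityPolicy(min_length=5)  # 5 is the page's example value
    print(policy.hint())
    # Constructed sample passwords, for illustration only.
    for candidate in ("abc", "Password1", "Abc1!"):
        print(repr(candidate), policy.failures(candidate) or "accepted")
```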

Password Generation

These settings are used for special User cases, specifically where students are never meant to log on because they self-register for a test, take the test and submit it.

The function allows a teacher to tell the student their auto-generated password if anything goes wrong.

This works in conjunction with User Settings > Self Registration.

Expiry and Reset Policy

You can make a User’s password expire after a certain number of days or set the password to never expire. You can also change the number of days Users must wait before they can change their passwords. In addition, the Password expiry time can be configured differently per Role.

Minimum password change interval (days)

The number entered into this field sets the time Users must wait between changes to their password. For example, an interval of ‘1’ day would limit a User to 1 password change per day and an interval of ‘2’ would limit a User to 1 password change every 2 days.

In the screenshot below the interval has been set to 30 days. When the User attempts to change their password more than once during this period the message below is presented to them. The text can be customised if required in String Resources. Please see the document on String Resources for further details.

Authentication required when changing user sensitive data

If this option is checked and your Role permits you to make changes, you will be required to enter your password in order to change the passwords of other Users.

Passwords never expire

If this option is active, Users will never be forced to change their passwords.

Passwords must be changed after a period

Enter a value in the Default validity period field to specify when the system will force a password reset for Users. This expiry period can be customised for particular roles using the Role drop-down as shown in the screenshot above. In this example the Facilitator role has been set to expire after 30 days. All other User passwords will expire in 90 days.

Below is the screen a User will encounter when their password expires. The text "Your password has expired. You need to set a new password" is a String Resource and can be customised if required.

Reveal Passwords

If Reveal Passwords is activated then passwords can be displayed in the User List form.

Two configurations are required to make this work correctly.

  1. Password Hashing needs to be turned off for the User Role. This can be accessed in Settings > Roles by selecting the relevant Role and setting the Hashing Scheme to None.

  2. The Password field needs to be set to Visible in the User List. This can be accessed in Settings > User Settings > List View.

The password will appear in the User list form as displayed below.

Re-using Passwords

The system can be configured to control the reuse of passwords when a password reset is carried out.

Allow users to set new passwords that they have used previously

This option allows a User to reuse a password previously used.

Don’t allow users to set new passwords that they have used previously

This option will restrict a User from reusing a password. If they attempt to reuse a password they will encounter the warning below.

Number of passwords in history

This number sets how many passwords are stored in the password history for that User. If this value is, for example, ‘3’, then the 4th password set by the User can be the same as the first.