Contacts Settings: Account management
The account management settings allow you to tailor the account notification messages that display when an account is created, a password is changed, or a sign-in attempt fails. You can also set the address from which email notifications of password resets and username requests are sent and the text contained in those emails.
From the Staff site, go to Settings > Contacts > Account management.

This setting specifies the message that is displayed when an account is created or a password is changed.
Warning! This setting does not control the actual password requirements. Password requirements are hard-coded, and are not configurable.
The default message is:
The password must be at least {0} characters long and contain both letters and numbers.
Two variables can be added to the message: {0} or {1}. The {0} variable refers to the minimum password length allowed and the {1} variable refers to the minimum non-alphanumeric characters allowed.
The default for the variable {0} is 7 (minRequiredPasswordLength), which is the minimum length required for PCI compliance. The default for the variable {1} is 0 (minRequiredNonalphanumericCharacters). Non-alphanumeric characters are not necessary for PCI compliance, so setting a minimum value for variable {1} is optional. However, requiring non-alphanumeric characters increases password security.
Note: When resetting a password, the minimum password strength criteria are seven characters plus at least one alphabetic character and at least one numeric character. If the minRequiredPasswordLength value specified in the web.config is less than 7, the minRequiredPasswordLength value will be ignored.
If the passwordStrengthRegularExpression value in the web.config file specifies a weaker password than described, the supplied password is rejected. If the regular expression includes the minimum password strength criteria but is stronger, then the passwordStrengthRegularExpression is used to evaluate the desired new password.
Contact ASI Hosting for assistance.
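The Python sketch below is an added example, not iMIS code. It restates the minimum criteria from the note above as a check and probes a candidate passwordStrengthRegularExpression with constructed passwords that each break exactly one criterion. The function names are hypothetical, partial-match evaluation of the expression is an assumption, and Python's re syntax differs from .NET in places, so treat a clean result as a first screen only.

```python
import re

BASELINE_MIN_LENGTH = 7  # floor stated in the note above

def effective_min_length(configured: int) -> int:
    """A minRequiredPasswordLength below 7 is ignored, so 7 applies."""
    return max(configured, BASELINE_MIN_LENGTH)

def meets_baseline(password: str) -> bool:
    """At least seven characters, one alphabetic and one numeric."""
    return (len(password) >= BASELINE_MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

# Constructed probes; each one fails the baseline for a single reason:
# too short, no digit, no letter.
WEAK_PROBES = ["abc123", "abcdefgh", "12345678"]

def weak_probes_accepted(pattern: str) -> list[str]:
    """Probes a candidate regex would let through. An empty list means
    none of these probes exposed it as weaker than the baseline."""
    rx = re.compile(pattern)
    # Assumption: the expression is applied as a partial match (search),
    # so an unanchored pattern can pass on a substring.
    return [p for p in WEAK_PROBES if rx.search(p)]

if __name__ == "__main__":
    candidates = (
        r"^(?=.*[A-Za-z])(?=.*\d).{7,}$",  # the baseline written as a regex
        r"^.{6,}$",                         # length only, and one too short
        r"[A-Za-z]",                        # unanchored, letters only
    )
    for candidate in candidates:
        accepted = weak_probes_accepted(candidate)
        print(candidate, "->", accepted or "no weak probe accepted")
```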

Specifies the message that is displayed when a sign-in attempt fails. The default message is:
The username or password you entered is incorrect.
If you would like to change this message, edit the Contact Sign In content item directly.
Note: iMIS provides enhanced password hashing to secure all user login passwords. This enhanced password security complies with PCI 3.2 guidelines.

When Session Timeout settings are enabled, specifies the warning message that is displayed two minutes prior to a user’s session timing out. The default message is:
You are about to be signed out
You will be signed out in [SecondsRemaining] seconds due to inactivity. Your changes will not be saved. To continue working on the website, click "Stay Signed In" below.

When the Session Timeout warning message appears, users have the option to stay signed in. The text defined in this field will appear on the button that keeps the user signed in. By default, the button text says Stay Signed In.

When the Session Timeout warning message appears, users have the option to log out. The text defined in this field will appear on the button that logs the user out. By default, the button text says Logout.

Specifies the message that displays when a user’s session has timed out. The default message is:
Your session has timed out. Please sign in to continue.
See Session Timeout for more information.

Specifies the message that displays when a user is inactive for a period or logs into another browser session with the same credentials.

Use this field to define the message that appears when a user has created a password that does not meet the minimum password requirements.

Enter the email address from which email notifications are sent.

If enabled, when a contact does not already have user credentials and submits a Forgot my username request, user credentials will be automatically generated if the email address entered is associated with an existing contact. By default, this setting is not enabled.
Note: The contact cannot have an existing user account, and a contact cannot have different user accounts based on their emails.
Note: The Forgot username? link uses the SignIn shortcut.

Enter the message that displays when an existing user attempts to create an account. If the user enters an email address that is already associated with an account, this message displays.

The LogonInformationRequestMessage is sent to users who have submitted the Forgot my username form. The default message is:
We received a request for the username associated with this email address. Based on the information provided, your username is: [UserId] Please click the link below to return to our website and sign in: [LogonUrl] If clicking the link does not work, you can copy and paste it into your browser's address window.
Note: The Forgot username? link uses the SignIn shortcut.

The LogonInformationRequestMessageUserNameNotFound is sent to users who have submitted the Forgot my username form, and their username is not found. The default message is:
We received a request for the username associated with this email address, [Email]. Based on the information provided, we could not find a username.
Please contact your administrator for further assistance.
Note: The Forgot password? link uses the SignIn shortcut.

The PasswordResetRequestMessage is sent to users who have submitted the Forgot my password form. The default message is:
We received a request to reset the password for the username '[UserId]'. If you made this request, go to the password reset page. This link is valid for [ValidResetDuration] minutes after the time it was requested. If you did not request to have your password reset, you can safely ignore this email. If clicking on the link does not work, you can copy and paste the following link into your browser's address window. [LogonUrl]
You can use the following variables in the LogonInformationRequestMessage and the PasswordResetRequestMessage. When an email is sent, the variables are replaced with the appropriate values.
- [UserId]
- [ContactId]
- [Email]
- [LogonUrl]
- [ValidResetDuration] - for PasswordResetRequestMessage text only.
Use HTML or CSS to modify the display of the emails.
Note: The Forgot password? link uses the SignIn shortcut.

- HTML and inline styles work best in emails, because some email clients ignore externally linked CSS files. For example, the following inline style turns the header text blue and changes the font:
<h1 style="color:#0000FF;font-family:Georgia,serif;">Heading text</h1>
- Use full paths to images, not relative paths. For example:
<img src="http://www.servername.com/images/logo.gif" alt="Company logo" />
- Test your email messages in different email clients to make sure everything looks the way you want.
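A customized message can be checked against the rules above before it is saved. The Python sketch below is an added example, not part of iMIS: it flags bracketed variables that are not in the supported list, [ValidResetDuration] used outside PasswordResetRequestMessage, relative image paths, and externally linked CSS. The function name and the sample template are constructed for illustration.

```python
import re

# Variables listed on this page as replaced when the email is sent.
SUPPORTED = {"UserId", "ContactId", "Email", "LogonUrl", "ValidResetDuration"}
RESET_ONLY = {"ValidResetDuration"}  # PasswordResetRequestMessage text only

def lint_template(name: str, body: str) -> list[str]:
    """Return findings for one message template; an empty list is clean."""
    findings = []
    used = set(re.findall(r"\[([A-Za-z]+)\]", body))
    # A misspelled or unsupported variable would go out as literal text.
    for var in sorted(used - SUPPORTED):
        findings.append(f"unsupported variable [{var}]")
    if name != "PasswordResetRequestMessage":
        for var in sorted(used & RESET_ONLY):
            findings.append(
                f"[{var}] is only replaced in PasswordResetRequestMessage")
    # Images need full paths, not relative ones.
    for src in re.findall(r'<img\b[^>]*\bsrc="([^"]*)"', body, re.I):
        if not re.match(r"https?://", src, re.I):
            findings.append(f"relative image path: {src}")
    # Some email clients ignore externally linked CSS files.
    if re.search(r"<link\b[^>]*stylesheet", body, re.I):
        findings.append("externally linked CSS; use inline styles")
    return findings

# Constructed sample with one instance of each problem.
SAMPLE = (
    '<link rel="stylesheet" href="mail.css">'
    '<h1 style="color:#0000FF;font-family:Georgia,serif;">Your username</h1>'
    '<img src="/images/logo.gif" alt="Company logo" />'
    "Hello [UserName], this link is valid for [ValidResetDuration] minutes: "
    "[LogonUrl]"
)

if __name__ == "__main__":
    for finding in lint_template("LogonInformationRequestMessage", SAMPLE):
        print(finding)
```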

iMIS uses CAPTCHAs for security. CAPTCHA is a program that can generate and grade tests that humans can pass but current computer programs cannot.
Note: CAPTCHAs are used on Request username, Reset password, Account creation pages and Contact Us forms only.
Do the following to enable CAPTCHA security:
- Create an account with reCAPTCHA.
- Follow reCAPTCHA's instructions to create your Public and Private keys.
- From the Staff site, go to Settings > Contacts > Account management.
- From the reCAPTCHA Settings section, enter the following values:
  - Public key
  - Private key
  - Theme - You can customize the look and feel of reCAPTCHA.
- (optional) Enable Skip validation to allow iMIS to bypass the CAPTCHA validation. This is useful if you are testing your sites.
- Click Save.
Note: When registering a new site with reCAPTCHA, select to use reCAPTCHA v2 with Checkbox. iMIS supports only this type of reCAPTCHA.

Whenever a user signs in, their account expiration date is reset to that login date plus the number of years specified in this field. For example, if this value is 3, and a user signs in on January 1, 2015, their account expiration date is set to January 1, 2018.

Enable this option to use SSL security for logon.

Specifies the number of minutes the reset password token is valid. The default value is 20 minutes, but it is recommended that the value does not exceed 60 minutes.