Enforcing Password Reset for Administrator Accounts

EFT provides the option to force administrators to change their password on log in. On Sites defined using the "strict security settings," users are forced to change their passwords on first use.

You can enable the password reset page while disallowing general access to HTTP or HTTPS. When a new user logs in to EFT via the HTTP or HTTPS index page, EFT redirects the user to the reset page. After the user creates a new password, they are returned to the index page.

To configure administrator accounts to enforce password reset

  1. In the administration interface, connect to EFT and click the Server tab.

  2. On the Server tab, click the Server node you want to configure.

  3. In the right pane, click the Administration tab.

  4. Click an EFT-managed administrator account, then click Password Policy. The Password Security Settings dialog box appears.

  5. Select the Admin must reset their password after first login check box. Administrators are prompted to change their password when they log in to the Site.

  6. Click OK to close the dialog box.

  7. Click Apply to save the changes on EFT.

When a password is reset, EFT verifies the new password against complexity criteria and password history, if those features are enabled. The administrator is not allowed to proceed with the session until a password is created and accepted by the system. If the password is not accepted by the system:

For high security-enabled (strict security) Sites:

EFT cannot ask FTP users to change their password prior to logging in and identifying themselves. EFT allows them to login (authenticate), but then prevents any further interaction until they change their password.