Jump to content
Martyn Houghton

Customer Portal - Forgotten Password Links Expiry

Recommended Posts

Can you advise on how long the automated links sent via the Customer Portal 'Forgotten Password' automate process are valid for?

Most systems apply an expiry period on this type of links to stop interception/man in the middle attacks.

Cheers

Martyn

Share this post


Link to post
Share on other sites

It can be set with the setting security.guest.passwordPolicy.userResetResponseTimeout - the default is 24 hours.  There is a similar setting for normal users as well:-

 

image.png

 

Share this post


Link to post
Share on other sites

@TrevorHarris

Thanks for the prompt reply and as I now know the duration I was looking to update the system notification email template that get sent so that it says how long the link remain valid for, but it does not appear to be in the list system notifications emails available via the Email Template window?

Is there any way to update this template?

Cheers

Martyn

Share this post


Link to post
Share on other sites

Unfortunately, we don't have a template for this, however, these are controlled by the following translation strings so can be updated there:

security.passwordResetRequest.authorisationRequestSubject
security.passwordResetRequest.authorisationRequestMessage

  • Thanks 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...