e-PlanREVIEW (EPR) provides baseline login security through a set of enforced password requirements for all users. Additionally, EPR provides optional password features for agencies who desire stricter password requirements as described below.
If an Agency intends to enforce any additional password security requirements, it’s best to configure these before user accounts are created to ensure that all accounts comply with the requirements. Any pre-existing accounts should be reviewed to ensure they comply with optional password requirements.
Standard Password Security Rules
To view the standard password security rules enforced by EPR:
Navigate to the EPR Password page at Settings > Security > Password.
The page lists a series of always-enforced rules indicating that each account password requires:
At least one uppercase alpha character
At least one numeric character
At least one of the following special characters: ! @ # $ % ^ & *
A minimum password length of 7 characters (see Password Strength)
These baseline password security rules are always enforced and, password length aside, cannot be modified or reconfigured.
Password Strength
Within EPR, ‘Password Strength’ refers to the minimum character length of a login password. This value is initially defaulted to minimum length of 7 characters, though Administrators can modify this to be anywhere between 7 and 30 characters.
To view or update the minimum password character length:
Navigate to the EPR Password page at Settings > Security > Password.
Under the list of “Standard password security…” rules, check the set value for Password Strength.
If desired, enter a new value (must be an integer between 7 and 30 characters) within the field.
Click SAVE to confirm the update.
When creating a new user account, the login password must meet the minimum character length configured on this page. Minimum password length cannot be disabled.
Password Expiration
If desired, Agency Administrators can also enforce periodic password expiration so that users have to updated their account passwords after a certain amount of time.
To enable, update, or disable password expiration:
Navigate to the EPR Password page at Settings > Security > Password.
Click on the Enforce Password Expiration toggle to either:
Enable (toggle to the right, green color)
Disable (toggle to the left, gray color)
If enabling password expiration, enter the number of days for passwords to last before they expire:
Set this value to 0 if passwords are never meant to expire.
Set this value to any number greater than 0 if they are meant to expire.
The value set reflects the number of days that a password remains valid before it expires and the user has to update their password.
The smaller the number, the more frequently users will need to update their login credentials.
Click SAVE to confirm the update.
When a password expires, users will be required to set a new password for their account.
Enforcing password expiration is not recommended for agencies that integrate with a partner permitting system as user accounts have to remain consistent to ensure proper syncing between systems.