For a user to have their password approved, the user must follow our guidelines regarding the validation of their password.
- A password must contain between 8-16 characters.
- The password must contain both small and large letters (both uppercase and lower case should be present).
- The password must contain minimum one number
- The password must not have been used previously (3x).
Expiry (standards, warnings)
Standard password expiry and timing settings within our password handling system.
Notice: before deactivating a normal user, we analyze the user activity. Active accounts will delay the deactivation progress and deletion is cancelled.
Inactivity: When a user has not logged into our system for 1 year (default)
Create new user, sends email to the user with activation link that expires after
If the user ignores the activation, the activation disables, and the user is deleted after
Standard password expiry time
Never (if active)
User gets first request for changing password after
1 year of inactivity
User gets second request for changing password after/on
User gets third request for changing password after/on
User gets fourth request for changing password after/on – email: account will be deactivated in 10 days.
Users that has system admin and still haven’t changed their password will not be deactivated or deleted, these users will get another password change request e-mail
+40 days + every 10 days
Users that is not system admin and still haven’t changed their password will deactivated – email sent.
If user has been active but not changed password in the above period (1 years) then user will not be deactivated this period has run out
1 year + 6 months (no further emails will be sent in this period)
User account will be deleted after
User inactive period before getting deleted.
Check user’s expiry time execution, when do we check the user’s expiry time
Within how many days a user has to be logged in to have active status
System administrator, Breecesupport and user-administrator roles won’t be deactivated or deleted.
If the user has such a role, the user will continue to receive mail
warnings every 10 days until changed, or max warnings has been reached. This is until the user has changed their password (configurable).
That our service also checks the user account activity, if we register a lot of activity on the account, the account will not be deleted and the time between last warnings and deactivation period is extended.
An administrator or user administrator role creates a new user.
When the user is created, our system automatic sends an e-mail to the new user containing a link for our ‘register and type password’-page (at this time, the account is not enabled). This e-mail is translated to our supported languages, based on the Language selected in the user creation procedure.
From the time the mail is sent to the activation link expires - there will go 14 days (configurable). If the link has expired, the user has the option (within 30 days) to click “Send a new activation e-mail” this will give the user 30 days extra.
When password is validated, the user account is enabled, and it is now possible to log into Breece Cloud or Breece Cloud Enterprise.
If password is forgotten, this is handled by the user going to our login screen. In the bottom (underneath the actual login form) the user can click on ‘Forgot my password’- button.
Now a dialog/popup is opened, and the user has the option to type the registered e-mail used for login to cloud. If this e-mail is validated within our system. The user will receive a new activation e-mail.
If user wants to change password, the user must go to their profile page and type new password 2x.
Admin force password reset
Breece cloud admins which has access to edit user accounts, has the option to force a password reset on a user profile. The disables the user and the user receives a password creation e-mail. Following same procedure as a normal user creation.s
If the user wants to delete his account, the user must go to their profile and click Delete account request. The user then gets prompted with message “You received an e-mail, with confirming link/button”. The user now has the option to confirm deletion by clicking the link/button the user in the e-mail. Our support departments now receive a ticket to delete the user.