The security settings for portal authentication are specific to the Umbraco CMS framework and can be configured by a system administrator who has access to the appsettings.json file.
Complete details can be found in the Umbraco Documentation online:
https://docs.umbraco.com/umbraco-cms/reference/configuration/securitysettings
Some of the settings include:
| Allow password reset | This feature allows users to reset their passwords if they have forgotten them. By default, this is enabled. It can be disabled at both the UI and API level by setting this value to “false”. |
| Allowed user name characters | Defines the allowed characters for a username. |
| Member default lockout time | Use this setting to configure how long time a Member is locked out of the Umbraco website when a lockout occurs. The setting accepts an integer which defines the lockout in minutes. The default lockout time for users is 30 days (43200 minutes). |
| Allow concurrent logins | When set to false, any user account is prevented from having multiple simultaneous sessions. In this mode, only one session per user can be active at any given time. This enhances security and prevents concurrent logins with the same user credentials. |
| Required length | Specifies the minimum length a user password is allowed to be. |
| Require non letter or digit | Requires a user’s password to contain at least one character which is not a letter or a digit if enabled. |
| Require digit | Requires a user’s password to contain at least one digit if enabled. |
| Require lowercase | Requires a users password to contain at least one lowercase letter if enabled. |
| Require uppercase | Requires a users password to contain at least one uppercase letter if enabled. |
| Max failed access attempts before lockout | Specifies the max amount of failed password attempts is allowed before the user is locked out of the site. |