Admin Password

  • The “Admin Password Settings” page allows you to beef up your site's security by forcing admins to re-authenticate before they are able to access your Admin Panel. One scenario where this helps is when one of your admins logs in on a public computer and forgets to log out afterwards. Whoever uses the computer after them would be able to browse your social network as that admin, but if they tried to get into the Admin section, they would be prompted to re-authenticate and wouldn't be able to access your site's Admin Panel.

    To reach the “Admin Password Settings” page, in your Admin Panel navigate to Settings > Admin Password. Be sure to “Save Changes” if you change any settings.

    Re-Authentication

    The first option on the page is set to "Do not require re-authentication" by default. This means that if you are logged in as an admin, you can access the Admin Panel without needing to re-enter a password. 

    There are two options if you want to enable re-authentication. The first, "Require admins to re-enter their password when they try to access the admin panel", will prompt admins to enter their user password again when they try to access the Admin Panel. The second, "Require admins to enter a global password when they try to access the admin panel", allows you to decide on a password that admins will need to enter before they gain access to the Admin Panel.

    Password

    If you have selected "Do not require re-authentication" or "Require admins to re-enter their password when they try to access the admin panel", the "Password" and "Password Again" fields aren't relevant. If you have selected "Require admins to enter a global password when they try to access the admin panel", you will need to choose the password and enter it here. Make sure to pick a secure password, ideally at least 8 characters long with numbers and letters, for extra security.

    Timeout

    This setting allows you to determine how frequently your admins will need to re-authenticate. The timeout is the number of seconds until the admin needs to re-enter their password; by default, it is set to 300 (5 minutes). The smaller the number, the more often admins will need to enter their passwords (which can be irritating), but a very large number may be slightly less secure, because a session left logged in can keep reaching the Admin Panel for longer before it is prompted again.
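
The sketch below models how the three Re-Authentication options and the Timeout value interact. It is an added example, not the product's own code: the names `AdminGate`, `needs_reauth`, `reauthenticate` and the session key `admin_reauth_at` are hypothetical, and it assumes the timeout is counted from the last successful password prompt.

```python
import hashlib
import hmac
import os

MODES = ("none", "user", "global")  # the three Re-Authentication options


def hash_password(password, salt=None):
    """Return (salt, digest); only the salted PBKDF2 digest is stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(password, stored):
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


class AdminGate:
    """Hypothetical model of the settings page, not the product's code."""

    def __init__(self, mode="none", timeout=300, global_secret=None):
        if mode not in MODES:
            raise ValueError("unknown mode")
        if mode == "global" and global_secret is None:
            raise ValueError("global mode needs a password")
        self.mode, self.timeout, self.global_secret = mode, timeout, global_secret

    def needs_reauth(self, session, now):
        """True when the Admin Panel must prompt for a password."""
        if self.mode == "none":
            return False
        last = session.get("admin_reauth_at")
        # Assumption: the timeout counts from the last successful prompt.
        return last is None or now - last >= self.timeout

    def reauthenticate(self, session, password, user_secret, now):
        """Check against the global or the admin's own password, per mode."""
        secret = self.global_secret if self.mode == "global" else user_secret
        if self.mode != "none" and verify_password(password, secret):
            session["admin_reauth_at"] = now
            return True
        return False
```

A failed prompt leaves the session's timestamp untouched, so the Admin Panel stays closed until a correct password is entered, and in global mode an admin's own password is not accepted.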