Enable captcha and password strength requirements with High Security Mode

Turn on captcha, set minimum length on passwords, and force auto-logout after 30 minutes of inactivity.

Written by Zack Schwartz
Updated over a week ago

The feature described here is known as High Security Mode. Some customers need this mode enabled in order to comply with their internal IT security policies. However, when you enable this feature there are a number of side effects that you should be aware of.

1. Captcha during login and registration. Captcha double-checks that the user is not an automated robot.

2. Strong password requirements will now be enforced.

3. Auto-logout after 15 minutes of inactivity. The system will detect if the user does not perform any activity for 15 minutes. If so, they will be automatically logged out of the system.

4. If a user's password is older than 60 days, they will be required to set a new password on their next login.

5. User accounts are locked out after 10 failed login attempts.

More techy side effects

6. The "Referer" header is checked to confirm that it is an internal URL.

7. Redirect URL parameters are validated: the target must be either a local URL or a whitelisted URL.

8. The "X-Frame-Options", "Content-Security-Policy", "Permissions-Policy", and "Referrer-Policy" headers are added.
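
The checks in items 6 and 7, written out as an added Python example to show which inputs such validation has to reject. This is not the product's own implementation; `APP_HOST`, `REDIRECT_ALLOWLIST` and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; not taken from the product.
APP_HOST = "app.example.com"
REDIRECT_ALLOWLIST = {"sso.example.com"}


def _host_of(url):
    """Return the lowercase host of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return None
        return parts.hostname.lower() if parts.hostname else None
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None


def is_safe_redirect(target):
    """Accept local paths, or absolute URLs whose host is allowlisted."""
    if not target or any(ord(c) < 0x20 or c == "\\" for c in target):
        return False  # control characters and backslashes confuse browsers
    if target.startswith("/"):
        # "//host" is scheme-relative and leaves the site; "/path" is local.
        return not target.startswith("//")
    host = _host_of(target)
    return host is not None and (host == APP_HOST or host in REDIRECT_ALLOWLIST)


def is_internal_referer(referer):
    """True only when the Referer header points at the application itself."""
    return bool(referer) and _host_of(referer) == APP_HOST
```

Comparing the parsed host exactly, rather than testing whether the URL string starts with or contains the application's hostname, is what rejects look-alike hosts and userinfo tricks.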

Enable the feature

To enable high security mode, click System Settings and then click System Features on the left side navigation. Then click edit.

Check the box for High Security Mode and then click Save.
