OverviewiCIMS provides simple password reset processes for candidates and Platform users. Passwords are encrypted using secure hash algorithms. iCIMS also provides the ability for the client to select password complexity rules and other requirements (additional information on this topic is available in the Password Requirements section below).
Individuals may easily change their own passwords by following the steps in the appropriate article from the list below; these links may be shared with and accessed by candidates and Platform users:
- Changing Your Password: Platform Users
- Changing Your Password: Candidates & New Hires
- Retrieving Your Lost or Forgotten Login or Password: Candidates & New Hires
- Retrieving Your Lost or Forgotten Login or Password: Platform Users
Resetting a Password for a Candidate or Platform User
- Navigate to the correct Person Profile. Then, click the Login Tab.
- Click the Edit icon.
- Type the desired new password in the Password and Password (Re-enter) fields.
- Click the Save button to confirm the change.
Setting Password Requirements within Your SystemPassword requirements for your organization's Platform may be set by your Implementation Manager or iCIMS Technical Support based on your organization's preferences.
Your user admin can also set password requirements for your organization's Portals using the settings accessed via Admin > System Configuration > Tools to Attract Candidates > Career Portals > Configure > Portal Settings > Passwords.
iCIMS recommends adopting security practices at least as strict as the following:
- Minimum character length (8 or greater)
- Minimum # alphabetic (1 or greater)
- Minimum # numeric (1 or greater)
- Minimum # lowercase (1 or greater)
- Minimum # uppercase (1 or greater)
- Force password change periodically (Options include disabled, 30 days, 60 days, 90 days, 180 days, 365 days)
- Enforce password history for (If enabled, options range by integer from forbidding reuse of the last single password to forbidding use of the last 10 passwords)
- Disallowed passwords (This option allows you to specify any passwords users may not use (e.g., "password"))
- If password complexity requirements are changed after a user or candidate has created a password, they will be prompted to create a new password.
- If Force Password Change Periodically is enabled for X days, the system will force users who have not changed their password in greater than or equal to X days to change their password the next time they log in. This applies to new users as well as users who created a password prior to this requirement being enabled.