Totally agree, even after all this time. The level of security should by be set my the admin.

I could not agree more. Our largest donors are retirees. This problem is causing us much handholding and crippling our efforts to get the older generation to convert from hardcopy communication. It is eating into our justification for choosing Wild Apricot. Further and ironically, before posting to this forum, in order to log in, I had to use "forgot password" Guess what? I was only required to put in an 8 character password and also was provided with the "little eye" so I could verify I had typed it correctly. WHY CAN THIS NOT BE DONE FOR REGULAR PASSWORD MANAGEMENT. This has to be a no brainer. Who do I need to talk to??

12 characters are excessive for our over 65 user base. No reason to expire then, it just makes them less secure as people just start writing them on a sticky by the desktop. Use new Google captcha which is all in the background. Matching ridiculous photos prevents users from logging in

You should follow the NIST standards for passwords that explicitly state forcing a password reset does not increase security and just makes users upset. See

* https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
* https://pages.nist.gov/800-63-FAQ/#q-b07

I deal with all retirees, and 12 characters is beyond most of them! I really would love to be able to change that requirement!

Same. People are now renewing their Memberships

I must agree that for our organization the complexity of the password requirement is more than we need with the special character and 12 characters. That is more than most other online requirements, including the financial institutions I use -- they only require 8 characters and not all of them require special characters!! Give us the option to require fewer characters and just require numbers and lower/upper case without a special character.

If your newsletter is a PDF attachment, make that document Public so they don't need to log in to read it.
There are settings to disable Captcha, which I agree is a PITA. It's in Settings/Anti-spam settings. I've set all mine to Off and for the ones that are "Always on" - just send a request to Support and they can manually turn them off for you.

Agree totally! We have the same age group of members. I get lots of calls for log in issues. They also have a hard time proving they're not a robot with the captcha boxes. Would be nice to give administrators the options to remove this function.

When you institute alternative authentication methods, please make sure you consider the demographic population of elderly users!

Agree with the comments, give us settings to decide the password strenght requirements.

We have the same problem with our 65+ aged members. Add that to the Captcha photo challenges that seemingly appear at random and it makes using this platform a real PITA. And we're paying more for what?

Allow us to decide what the password requirements are like most enterprise systems do. Options include password length; how often a password can be reused; whether a special character is needed; etc.

Change the password requirement back. It is way too complicated! Our members are older and no one can seem to log in. We will have to cancel Wild Apricot if no one can log in.

I administrate WA for two different organizations that are very different--a political club and an HOA. In both cases, logging in can be a challenge for our elderly members, and long passwords are a barrier for full use of the system.

Since recently WA seems to automatically enforce password rotation on users every 365 days.
There should be an option to disable that for all users. Most of our users log in rarely and facing a renewal each year just leads to them not remembering it.

In 2023 - it is no longer a good security practice to enforce password rotation!
(no other large website does that - incl. Google/Facebook/Microsoft/etc)

(Edit) - I just learned that this affects only admins, not regular users. That's much better!

I see that WA now automatically expires user passwords after 365 days; is there a way to prevent that? I'd like our users to be able to use their passwords forever, not being forced to change every year for a site they rarely use.