Umbraco Security Settings
The settings for Umbraco passwords are configurable in appsettings. There are two different configuration objects: one for Umbraco Members and one for Users.
For more information see the Security Settings documentation.
Password reset settings
Umbraco backend users can reset their own password. If they try too many times, their account is locked out.
To deactivate the User password reset, look at the Umbraco Settings Security section.
To configure password reset, see the Backoffice Login Password Reset section.
Other security settings
- The Umbraco timeout in minutes
- disableAlternativeTemplates: if set to false, alternative templates can be used to try to render pages in a way they are not supposed to be rendered.
- disableFindContentByIdPath: if set to false, finding content by ID path can be used to enumerate the nodes in your website and find hidden pages.
- Umbraco Forms: AntiForgeryToken and DisableFormCaching
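
A deployment check for the two routing flags in the list above, as an added example (not Umbraco's own code). It assumes the flags live under Umbraco:CMS:WebRouting in appsettings.json (Umbraco 9+ layout) and that an unset flag behaves like false; the sample files are constructed.

```python
import json

# Flags from the list above, with the risk the page gives for leaving them false.
# The section path Umbraco:CMS:WebRouting is an assumption (Umbraco 9+ layout).
SECTION = ("Umbraco", "CMS", "WebRouting")
FLAGS = {
    "DisableAlternativeTemplates": "pages may be rendered in a way they are not supposed to be",
    "DisableFindContentByIdPath": "site nodes can be enumerated and hidden pages found",
}

def get_ci(obj, key):
    """Case-insensitive key lookup, matching how .NET configuration reads keys."""
    if not isinstance(obj, dict):
        return None
    for k, v in obj.items():
        if k.lower() == key.lower():
            return v
    return None

def as_bool(value):
    """.NET binds both JSON booleans and the strings "true"/"false"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None

def audit(appsettings_text):
    """Return (flag, state, risk) for every flag that is not explicitly true."""
    node = json.loads(appsettings_text)
    for part in SECTION:
        node = get_ci(node, part)
    findings = []
    for flag, risk in FLAGS.items():
        value = as_bool(get_ci(node, flag))
        if value is not True:
            state = "false" if value is False else "not set"
            findings.append((flag, state, risk))
    return findings

# Constructed sample files, not taken from a real site.
WEAK = '{"Umbraco": {"CMS": {"WebRouting": {"disableAlternativeTemplates": false}}}}'
HARDENED = """{"Umbraco": {"CMS": {"WebRouting": {
    "DisableAlternativeTemplates": true, "DisableFindContentByIdPath": "true"}}}}"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

Run it against each environment's effective appsettings file, since an environment-specific override can set a flag back to false.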