When working with Optimizely <<product-name>>, there are number of options for controlling the specifics related to timeouts and passwords. Some of these options are configurable, while others are not.
## Admin console
### General settings
Timeout is set to 15 minutes and is not configurable in order to maintain compliance with PA-DSS.
Users who have the role ISC_Admin, ISC_System, or ISC_Integration, the password expires after 90 days (passwords for website users do not expire).
### Password complexity settings
The settings to control password complexity are found in the Startup.Auth.cs file:
// Configure validation logic for passwords
SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions
### Website timeout settings
The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.:
The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.