# Umbraco Security Settings

## Password settings

The settings for Umbraco passwords are configurable in appsettings. There are two different configuration objects: one for Umbraco Members and one for Users.

For more information see the [Security Settings documentation](/umbraco-cms/reference/configuration/securitysettings.md#user-password-settings).

## Password reset settings

Umbraco backend users can [reset their own password](/umbraco-cms/reference/security/password-reset.md). If they make too many attempts, their account is locked out.

To deactivate User password reset, see the [Umbraco Settings Security](/umbraco-cms/reference/configuration/securitysettings.md#allow-password-reset) section.

To configure password reset, see the [Backoffice Login Password Reset](/umbraco-cms/fundamentals/backoffice/login.md#password-reset) section.

## Other security settings

* [The Umbraco timeout in minutes](/umbraco-cms/reference/configuration/globalsettings.md#timeout)
* [disableAlternativeTemplates](/umbraco-cms/reference/configuration/webroutingsettings.md#disable-alternative-templates): If set to false, alternative templates can be used to try to render pages in a way they are not supposed to be rendered.
* [disableFindContentByIdPath](/umbraco-cms/reference/configuration/webroutingsettings.md#disable-find-content-by-id-path): If set to false, finding content by ID path can be used to enumerate the nodes in your website and find hidden pages.
* Umbraco Forms: [AntiForgeryToken](https://docs.umbraco.com/umbraco-forms/developer/configuration#enableantiforgerytoken) and DisableFormCaching

