diff --git a/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml b/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml
index a340e5f72b0725ddddee40369e5bf1b3bcedd3d9..b0e94b1efe32389c0f1f54756bc90391b790250d 100644
--- a/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml
+++ b/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml
@@ -34,7 +34,7 @@
         </item>
         <item>
             <key> <string>last_id</string> </key>
-            <value> <string>11</string> </value>
+            <value> <string>12</string> </value>
         </item>
         <item>
             <key> <string>portal_type</string> </key>
diff --git a/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference/preferred_authentication_policy_enabled_property.xml b/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference/preferred_authentication_policy_enabled_property.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6096a0771e8c72799ed0b8a5bf646ff8e39b02a5
--- /dev/null
+++ b/bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference/preferred_authentication_policy_enabled_property.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Standard Property" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>elementary_type/boolean</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>If checked will enforce authentication policy rules site wide.</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>preferred_authentication_policy_enabled_property</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Standard Property</string> </value>
+        </item>
+        <item>
+            <key> <string>preference</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>property_default</string> </key>
+            <value> <string>python: False</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
index 6dfc5c419721ddd5bfd90845d2a7bfd897b9f238..e7fafda7c514240d08e766bc0fc7ef8e8337ae9e 100644
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_isPasswordValid.xml
@@ -73,14 +73,13 @@ def doValidation(person, password):\n
   if result<=0:\n
     message = context.Base_translateString(message_dict[result])\n
     raise ValidationError(\'external_validator_failed\', context, error_text=message)\n
+  return result\n
 \n
-# do only for authenticated members\n
-if not portal.portal_membership.isAnonymousUser():\n
-  # find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
-  user_login = request.get(\'field_user_login\', None)\n
-  person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
-  if person is not None:\n
-    return doValidation(person, password)\n
+user_login = request.get(\'field_user_login\', None)\n
+# find Person object (or authenticated member) and validate it on it (password recovered for an existing account)\n
+person = context.ERP5Site_getAuthenticatedMemberPersonValue(user_login)\n
+if person is not None:\n
+  return doValidation(person, password)\n
 \n
 # use a temp object (new account created)\n
 first_name = request.get(\'field_your_first_name\', None) \n
@@ -99,6 +98,14 @@ return doValidation(person, password)\n
             <key> <string>_params</string> </key>
             <value> <string>password, request</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>Base_isPasswordValid</string> </value>
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_validatePasswordsMatch.xml
similarity index 97%
rename from bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml
rename to bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_validatePasswordsMatch.xml
index 72b3f7da6e9c4f4b84f61df4d2d95d1c51978a09..367cd72762568f167b67c166bb443b9e362e9c10 100644
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_validatePasswordsMatch.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Base_validatePasswordsMatch.xml
@@ -68,7 +68,7 @@ return 0\n
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_validatePasswordsMatch</string> </value>
+            <value> <string>Base_validatePasswordsMatch</string> </value>
         </item>
       </dictionary>
     </pickle>
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/ERP5Site_isAuthenticationPolicyEnabled.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/ERP5Site_isAuthenticationPolicyEnabled.xml
deleted file mode 100644
index 785b335cb0a6596ff26b2eb53b71c50d787f6600..0000000000000000000000000000000000000000
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/ERP5Site_isAuthenticationPolicyEnabled.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>Script_magic</string> </key>
-            <value> <int>3</int> </value>
-        </item>
-        <item>
-            <key> <string>_bind_names</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
-                </klass>
-                <tuple/>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>_asgns</string> </key>
-                        <value>
-                          <dictionary>
-                            <item>
-                                <key> <string>name_container</string> </key>
-                                <value> <string>container</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_context</string> </key>
-                                <value> <string>context</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_m_self</string> </key>
-                                <value> <string>script</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_subpath</string> </key>
-                                <value> <string>traverse_subpath</string> </value>
-                            </item>
-                          </dictionary>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>_body</string> </key>
-            <value> <string>"""\n
-  Determine if a security policy is enabled or not by reading System Preferences.\n
-"""\n
-from Products.ERP5Type.Cache import CachingMethod\n
-\n
-def _isAuthenticationPolicyEnabled():\n
-  portal = context.getPortalObject()\n
-  portal_preferences = portal.portal_preferences\n
-  return portal_preferences.getPreferredMaxAuthenticationFailure() or \\\n
-         portal_preferences.getPreferredMaxPasswordLifetimeDuration()\n
-\n
-_isAuthenticationPolicyEnabled = CachingMethod(_isAuthenticationPolicyEnabled,\n
-                                               id=\'Person_isAuthenticationPolicyEnabled\',\n
-                                               cache_factory=\'erp5_content_short\')\n
-return _isAuthenticationPolicyEnabled()\n
-</string> </value>
-        </item>
-        <item>
-            <key> <string>_params</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>ERP5Site_isAuthenticationPolicyEnabled</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml
index f815485bdf14d7000ef0106e89f48d851bc53532..35e6610dd6f7656703fe074222e1dd7120a35a6a 100644
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isLoginBlocked.xml
@@ -61,7 +61,7 @@ request = context.REQUEST\n
 portal = context.getPortalObject()\n
 portal_preferences = portal.portal_preferences\n
 \n
-if not context.ERP5Site_isAuthenticationPolicyEnabled():\n
+if not portal_preferences.isAuthenticationPolicyEnabled():\n
   # no policy, no sense to block account\n
   return 0\n
 \n
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
index b13b007ac0408ba4d832780bb0021c792e45039a..e3535f1d9ad5ead52ae80d402441e473b1b06847 100644
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_notifyLoginFailure.xml
@@ -57,8 +57,9 @@
 """\n
 from DateTime import DateTime\n
 portal = context.getPortalObject()\n
+portal_preferences = portal.portal_preferences\n
 \n
-if not context.ERP5Site_isAuthenticationPolicyEnabled():\n
+if not portal_preferences.isAuthenticationPolicyEnabled():\n
   # no policy, no sense to file failure\n
   return 0\n
 \n
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml
index bc355f7222f5e0381afe0830f405e894a0c9bea5..f29d037bbd388c7bddb686c204e8adcecdc1cf3f 100644
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_unblockLogin.xml
@@ -52,7 +52,7 @@
             <key> <string>_body</string> </key>
             <value> <string>portal = context.getPortalObject()\n
 \n
-if not portal.ERP5Site_isAuthenticationPolicyEnabled():\n
+if not portal.portal_preferences.isAuthenticationPolicyEnabled():\n
   # no policy, no sense to block account\n
   return 0\n
 \n
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml
index 584bc633b31d177fef043e2ad3e5706e6aee1348..2a2d3a18c5d70185f2428ae6c87d9a12a6c3702c 100644
--- a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml
@@ -79,6 +79,7 @@
                     <key> <string>left</string> </key>
                     <value>
                       <list>
+                        <string>my_preferred_authentication_policy_enabled</string>
                         <string>my_preferred_max_authentication_failure</string>
                         <string>my_preferred_authentication_failure_check_duration</string>
                         <string>my_preferred_authentication_failure_block_duration</string>
diff --git a/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy/my_preferred_authentication_policy_enabled.xml b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy/my_preferred_authentication_policy_enabled.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6b80e3a688318d77a4767d9af280459d7eeb7539
--- /dev/null
+++ b/bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy/my_preferred_authentication_policy_enabled.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_preferred_authentication_policy_enabled</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_checkbox</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Enable Authentication Policy</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml
index 7395b64192ff24da941888015b327ff7953b1def..cd1ee95c997f0aa8844cdd47955deb53909ba970 100644
--- a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml
+++ b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/interactions/changePassword.xml
@@ -27,7 +27,9 @@
         <item>
             <key> <string>after_script_name</string> </key>
             <value>
-              <tuple/>
+              <list>
+                <string>Person_changePassword</string>
+              </list>
             </value>
         </item>
         <item>
@@ -55,8 +57,10 @@
             <value>
               <list>
                 <string>setPassword</string>
-                <string>setEncodedPassword</string>
+                <string>_setPassword</string>
                 <string>_forceSetPassword</string>
+                <string>edit</string>
+                <string>setEncodedPassword</string>
               </list>
             </value>
         </item>
@@ -75,9 +79,7 @@
         <item>
             <key> <string>script_name</string> </key>
             <value>
-              <list>
-                <string>Person_changePassword</string>
-              </list>
+              <tuple/>
             </value>
         </item>
         <item>
diff --git a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml
index 2d65720ce816e61beed6569093c7df1c6ce0ba4d..a65e2d961286bac0988499fb1ac1bdbe81c9577d 100644
--- a/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml
+++ b/bt5/erp5_authentication_policy/WorkflowTemplateItem/portal_workflow/password_interaction_workflow/scripts/Person_changePassword.xml
@@ -62,11 +62,11 @@ if number_of_last_password_to_check is not None and number_of_last_password_to_c
   person.setLastPasswordModificationDate(DateTime())\n
   old_password_list = person.getLastChangedPasswordValueList()\n
   current_password = person.getPassword()\n
-  if current_password is not None:\n
+  if current_password is not None and current_password not in old_password_list:\n
     # we care only if password is set\n
     old_password_list.append(current_password)\n
-  person.setLastChangedPasswordValueList(old_password_list)\n
-  #context.log(\'%s %s %s\' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))\n
+    person.setLastChangedPasswordValueList(old_password_list)\n
+    context.log(\'%s %s %s\' %(person.getPassword(), person.getLastPasswordModificationDate(), old_password_list))\n
 </string> </value>
         </item>
         <item>
diff --git a/bt5/erp5_authentication_policy/bt/revision b/bt5/erp5_authentication_policy/bt/revision
index c7930257dfef505fd996e1d6f22f2f35149990d0..301160a93062df23030a69f4b5e4d9bf71866ee9 100644
--- a/bt5/erp5_authentication_policy/bt/revision
+++ b/bt5/erp5_authentication_policy/bt/revision
@@ -1 +1 @@
-7
\ No newline at end of file
+8
\ No newline at end of file