Difference between revisions of "Password Policy"
imported>Aeric m (Text replace - 'Settings > ' to 'File:GearIcon.png > Setup > ') |
imported>Aeric |
||
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''[[File:GearIcon.png]] > | '''[[File:GearIcon.png]] > Administration > Access Management > Password Policy''' | ||
A Password Policy defines password requirements and login protections. | A Password Policy defines password requirements and login protections. | ||
===Permissions=== | ===Permissions=== | ||
{{ | {{PermissionRef|Access Control|modify the password policy}} | ||
===Create a New Password Policy=== | ===Create a New Password Policy=== | ||
#Click '''[ | #Click '''[Edit]''' and change any of the fields under Policy Information to create a custom password policy | ||
#;Minimum Length:Minimum numbers of characters in the password; Default: 6 Characters, Range: 6-10 characters | #;Minimum Length:Minimum numbers of characters in the password; Default: 6 Characters, Range: 6-10 characters | ||
#;Required Character Types:The types of characters and character combinations required for passwords; Default: No Restrictions, Range: See [[#Required Character Types|Required Character Types]] | #;Required Character Types:The types of characters and character combinations required for passwords; Default: No Restrictions, Range: See [[#Required Character Types|Required Character Types]] | ||
Line 14: | Line 13: | ||
#;New Password Cannot Match:Number of previous passwords; Default: Last Password, Range: Last 2-5 passwords | #;New Password Cannot Match:Number of previous passwords; Default: Last Password, Range: Last 2-5 passwords | ||
#;Minimum Age:Frequency that a user can change the password; Specifies the number of days that must pass before a user can change passwords; Default: No Minimum, Range: 1-5 Days | #;Minimum Age:Frequency that a user can change the password; Specifies the number of days that must pass before a user can change passwords; Default: No Minimum, Range: 1-5 Days | ||
#;Inactive Session Timeout:The length of time an application will remain active with no user activity; The application will become inactive and the user will need to log on again when the timeout is achieved; Default: 90 Minutes, Range: 15, 30, 60, 90, 120 minutes | #;Inactive Session Timeout:The length of time an application will remain active with no user activity; The application will become inactive and the user will need to log on again when the timeout is achieved; Default: 90 Minutes, Range: 15, 30, 60, 90, 120 minutes. If you login as a proxy user, the Inactive Session Timeout is 15 minutes. | ||
#;Account Lockout Threshold:The number of login attempts before the account is locked out; Default: 5 tries, Choices: 3-10 tries, No Limit | #;Account Lockout Threshold:The number of login attempts before the account is locked out; Default: 5 tries, Choices: 3-10 tries, No Limit | ||
#:''Learn more: [[#About Login Limit|Login Limit]]'' | #:''Learn more: [[#About Login Limit|Login Limit]]'' | ||
Line 21: | Line 20: | ||
#Click '''[Save]'''; For audit purposes, the following information is also displayed: | #Click '''[Save]'''; For audit purposes, the following information is also displayed: | ||
#:Last Modified By <username> {date} <time> | #:Last Modified By <username> {date} <time> | ||
#:Created By <username> {date} <time> | #:Created By <username> {date} <time> | ||
===About Login Limit=== | ===About Login Limit=== | ||
Line 54: | Line 53: | ||
:<tt> - number (0-9)</tt> | :<tt> - number (0-9)</tt> | ||
:<tt> - special character | :<tt> - special character</tt> | ||
|-valign="top" | |-valign="top" | ||
Line 78: | Line 77: | ||
Allowed: | Allowed: | ||
:<tt> - special character | :<tt> - special character</tt> | ||
|-valign="top" | |-valign="top" | ||
Line 110: | Line 109: | ||
Alphanumeric characters | Alphanumeric characters | ||
:Including special characters | :Including special characters | ||
''The addition of special characters adds an additional degree of complexity to password security.'' | ''The addition of special characters adds an additional degree of complexity to password security.'' | ||
Line 131: | Line 130: | ||
<tt> - number (0-9)</tt> | <tt> - number (0-9)</tt> | ||
<tt> - special character | <tt> - special character</tt> | ||
|-valign="top" | |-valign="top" | ||
| | | | ||
Line 138: | Line 137: | ||
:Requires at least one Upper case character | :Requires at least one Upper case character | ||
:Including special characters | :Including special characters | ||
''The addition of special characters and the upper/lower case requirement adds a high degree of complexity to password security.'' | ''The addition of special characters and the upper/lower case requirement adds a high degree of complexity to password security.'' | ||
Line 160: | Line 159: | ||
<tt> - number (0-9)</tt> | <tt> - number (0-9)</tt> | ||
<tt> - special character | <tt> - special character</tt> | ||
Allowed: | Allowed: |
Latest revision as of 18:02, 25 January 2021
> Administration > Access Management > Password Policy
A Password Policy defines password requirements and login protections.
Permissions
Users that have the Access Control permission can modify the password policy.
Create a New Password Policy
- Click [Edit] and change any of the fields under Policy Information to create a custom password policy
- Minimum Length
- Minimum numbers of characters in the password; Default: 6 Characters, Range: 6-10 characters
- Required Character Types
- The types of characters and character combinations required for passwords; Default: No Restrictions, Range: See Required Character Types
- Expires In
- The number of days the password remains valid before the user will be prompted to change it; Default: 90 Days, Range: 15, 30, 60, 90, 120 days, Never
- New Password Cannot Match
- Number of previous passwords; Default: Last Password, Range: Last 2-5 passwords
- Minimum Age
- Frequency that a user can change the password; Specifies the number of days that must pass before a user can change passwords; Default: No Minimum, Range: 1-5 Days
- Inactive Session Timeout
- The length of time an application will remain active with no user activity; The application will become inactive and the user will need to log on again when the timeout is achieved; Default: 90 Minutes, Range: 15, 30, 60, 90, 120 minutes. If you login as a proxy user, the Inactive Session Timeout is 15 minutes.
- Account Lockout Threshold
- The number of login attempts before the account is locked out; Default: 5 tries, Choices: 3-10 tries, No Limit
- Learn more: Login Limit
- Account Lockout Duration
- The length of time that an account is locked out; Default: 15 minutes, Choices: 5, 10, 15, 30, or 60 minutes, Disable
- Users Excluded from Password Expiration
- A list of users who do not have to update their password; This might include users with Administration privileges; Default: No Users
- Click [Save]; For audit purposes, the following information is also displayed:
- Last Modified By <username> {date}
- Created By <username> {date}
About Login Limit
The Login Limit defines the number of failed attempts allowed before a user account is disabled or locked for a specified time. When a user attempts to login and fails (because of an incorrect password), each attempt counts against the Login Limit. When the Login Limit is achieved, the account is disabled or locked for a specified time, according to the parameters set in in the Account Lockout Duration field. The Login Limit is defined by the Password Policy.
Users that have the Manage Company Capabilities permission can : - Enable and specify the Login Limit
- Track all invalid login attempts in the Audit Log
- Reactivate the locked/disabled user account
To specify the Login Limit:
- Click > Administration > Access Management > Password Policies
- Click the [Edit] button
- Choose an option in the Account Lockout Threshold field from this list of options:
- No Limit
- 3 failed tries
- 4 failed tries
- 5 failed tries (default)
- 6 failed tries
- 7 failed tries
- 8 failed tries
- 9 failed tries
- 10 failed tries
To track all Invalid Login Attempts, see the Audit Log.
Reactivation
To reactivate a locked or disabled user account:
- Click > Administration > Access Management > Users
- Select the user account of interest
- Click the [Edit] button
- Click the Active checkbox icon
- Click [Save]
Users Excluded from Password Expiration
By default, no user is exempt from the Password Policy, although it is possible to specify that a User be Excluded from the Password Expiration Policy.
Required Character Types
This option defines the level of security for passwords, which can be simple and allow any character combination, or very secure, requiring Upper and lower case characters, as well as special characters.
Option | Example Passwords | Description |
---|---|---|
No Restrictions
This is a low security option and allows any characters to be selected from a defined set |
These passwords are considered to be the same in this policy:
|
Characters in any of the following sets are allowed:
|
Alphanumeric characters
This is also a low security option - it allows most characters, and requires some characters from a defined set |
These passwords are not the same, and each can be used in this policy:
|
Requires at least one character from each of the following sets:
- Upper case (A-Z) or lower case (a-z) - number (0-9) Allowed:
|
Alphanumeric characters
This is a reasonable level of security for most organizations. |
These passwords are not the same, and each can be used in this policy:
This password does not meet the requirement because it is missing an Upper case character:
|
Requires at least one character from each of the following sets:
- Upper case (A-Z) - number (0-9) Allowed:
|
Alphanumeric characters
The addition of special characters adds an additional degree of complexity to password security. |
Any of these passwords can be used in this policy:
This password does not meet the requirement because it is missing a number and a special character:
|
Requires at least one character from each of the following sets:
- Upper case (A-Z) or lower case (a-z) - number (0-9) - special character |
Alphanumeric characters
The addition of special characters and the upper/lower case requirement adds a high degree of complexity to password security. |
These passwords are not the same, and each can be used in this policy:
This password does not meet the requirement because it is missing an Upper case character:
This password does not meet the requirement because it is missing a number and a special character:
|
Requires at least one character from each of the following sets:
- Upper case (A-Z) - number (0-9) - special character Allowed:
|