AgileApps Support Wiki Pre Release

Difference between revisions of "Password Policy"

From AgileApps Support Wiki
imported>Aeric
imported>Aeric
 
(5 intermediate revisions by the same user not shown)
Line 4: Line 4:


===Permissions===
===Permissions===
{{permissions|Access Control/User Management|modify the password policies}}  
{{PermissionRef|Access Control|modify the password policy}}


===Create a New Password Policy===
===Create a New Password Policy===
Line 13: Line 13:
#;New Password Cannot Match:Number of previous passwords; Default: Last Password, Range: Last 2-5 passwords
#;New Password Cannot Match:Number of previous passwords; Default: Last Password, Range: Last 2-5 passwords
#;Minimum Age:Frequency that a user can change the password; Specifies the number of days that must pass before a user can change passwords; Default: No Minimum, Range: 1-5 Days
#;Minimum Age:Frequency that a user can change the password; Specifies the number of days that must pass before a user can change passwords; Default: No Minimum, Range: 1-5 Days
#;Inactive Session Timeout:The length of time an application will remain active with no user activity; The application will become inactive and the user will need to log on again when the timeout is achieved; Default: 90 Minutes, Range: 15, 30, 60, 90, 120 minutes
#;Inactive Session Timeout:The length of time an application will remain active with no user activity; The application will become inactive and the user will need to log on again when the timeout is achieved; Default: 90 Minutes, Range: 15, 30, 60, 90, 120 minutes. If you login as a proxy user, the Inactive Session Timeout is 15 minutes.
#;Account Lockout Threshold:The number of login attempts before the account is locked out; Default: 5 tries, Choices: 3-10 tries, No Limit
#;Account Lockout Threshold:The number of login attempts before the account is locked out; Default: 5 tries, Choices: 3-10 tries, No Limit
#:''Learn more: [[#About Login Limit|Login Limit]]''
#:''Learn more: [[#About Login Limit|Login Limit]]''
Line 53: Line 53:
:<tt>  - number (0-9)</tt>
:<tt>  - number (0-9)</tt>


:<tt>  - special character @ # $ %</tt>
:<tt>  - special character</tt>


|-valign="top"
|-valign="top"
Line 77: Line 77:
Allowed:
Allowed:


:<tt>  - special character @ # $ %</tt>
:<tt>  - special character</tt>


|-valign="top"
|-valign="top"
Line 109: Line 109:
Alphanumeric characters
Alphanumeric characters


:Including special characters # $ % @
:Including special characters


''The addition of special characters adds an additional degree of complexity to password security.''
''The addition of special characters adds an additional degree of complexity to password security.''
Line 130: Line 130:
<tt>  - number (0-9)</tt>
<tt>  - number (0-9)</tt>


<tt>  - special character @ # $ %</tt>
<tt>  - special character</tt>
|-valign="top"
|-valign="top"
|
|
Line 137: Line 137:
:Requires at least one Upper case character
:Requires at least one Upper case character


:Including special characters # $ % @
:Including special characters


''The addition of special characters and the upper/lower case requirement adds a high degree of complexity to password security.''  
''The addition of special characters and the upper/lower case requirement adds a high degree of complexity to password security.''  
Line 159: Line 159:
<tt>  - number (0-9)</tt>
<tt>  - number (0-9)</tt>


<tt>  - special character @ # $ %</tt>
<tt>  - special character</tt>


Allowed:
Allowed:

Latest revision as of 18:02, 25 January 2021

GearIcon.png > Administration > Access Management > Password Policy

A Password Policy defines password requirements and login protections.

Permissions

Lock-tiny.gif

Users that have the Access Control permission can modify the password policy. 

Create a New Password Policy

  1. Click [Edit] and change any of the fields under Policy Information to create a custom password policy
    Minimum Length
    Minimum numbers of characters in the password; Default: 6 Characters, Range: 6-10 characters
    Required Character Types
    The types of characters and character combinations required for passwords; Default: No Restrictions, Range: See Required Character Types
    Expires In
    The number of days the password remains valid before the user will be prompted to change it; Default: 90 Days, Range: 15, 30, 60, 90, 120 days, Never
    New Password Cannot Match
    Number of previous passwords; Default: Last Password, Range: Last 2-5 passwords
    Minimum Age
    Frequency that a user can change the password; Specifies the number of days that must pass before a user can change passwords; Default: No Minimum, Range: 1-5 Days
    Inactive Session Timeout
    The length of time an application will remain active with no user activity; The application will become inactive and the user will need to log on again when the timeout is achieved; Default: 90 Minutes, Range: 15, 30, 60, 90, 120 minutes. If you login as a proxy user, the Inactive Session Timeout is 15 minutes.
    Account Lockout Threshold
    The number of login attempts before the account is locked out; Default: 5 tries, Choices: 3-10 tries, No Limit
    Learn more: Login Limit
    Account Lockout Duration
    The length of time that an account is locked out; Default: 15 minutes, Choices: 5, 10, 15, 30, or 60 minutes, Disable
    Users Excluded from Password Expiration
    A list of users who do not have to update their password; This might include users with Administration privileges; Default: No Users
  2. Click [Save]; For audit purposes, the following information is also displayed:
    Last Modified By <username> {date}
    Created By <username> {date}

About Login Limit

The Login Limit defines the number of failed attempts allowed before a user account is disabled or locked for a specified time. When a user attempts to login and fails (because of an incorrect password), each attempt counts against the Login Limit. When the Login Limit is achieved, the account is disabled or locked for a specified time, according to the parameters set in in the Account Lockout Duration field. The Login Limit is defined by the Password Policy.

Lock-tiny.gif

Users that have the Manage Company Capabilities permission can :
  • Enable and specify the Login Limit
  • Track all invalid login attempts in the Audit Log
  • Reactivate the locked/disabled user account 

To specify the Login Limit:

  1. Click GearIcon.png > Administration > Access Management > Password Policies
  2. Click the [Edit] button
  3. Choose an option in the Account Lockout Threshold field from this list of options:
  • No Limit
  • 3 failed tries
  • 4 failed tries
  • 5 failed tries (default)
  • 6 failed tries
  • 7 failed tries
  • 8 failed tries
  • 9 failed tries
  • 10 failed tries

To track all Invalid Login Attempts, see the Audit Log.


Reactivation

To reactivate a locked or disabled user account:

  1. Click GearIcon.png > Administration > Access Management > Users
  2. Select the user account of interest
  3. Click the [Edit] button
  4. Click the Active checkbox Checkboxicon.gif icon
  5. Click [Save]

Users Excluded from Password Expiration

By default, no user is exempt from the Password Policy, although it is possible to specify that a User be Excluded from the Password Expiration Policy.

Required Character Types

This option defines the level of security for passwords, which can be simple and allow any character combination, or very secure, requiring Upper and lower case characters, as well as special characters.

Option Example Passwords Description
No Restrictions

This is a low security option and allows any characters to be selected from a defined set

These passwords are considered to be the same in this policy:

tH1sisMYPA$$worD
th1sismypa$$word
TH1SISMYPA$$WORD
Characters in any of the following sets are allowed:
- Upper case (A-Z)
- lower case (a-z)
- number (0-9)
- special character
Alphanumeric characters

This is also a low security option - it allows most characters, and requires some characters from a defined set

These passwords are not the same, and each can be used in this policy:

tH1sisMYPA55worD
th1sismypa55word
TH1SISMYPA55WORD
th1sismypa$$word
Requires at least one character from each of the following sets:

- Upper case (A-Z) or lower case (a-z)

- number (0-9)

Allowed:

- special character

Alphanumeric characters

Requires at least one Upper case character

This is a reasonable level of security for most organizations.

These passwords are not the same, and each can be used in this policy:

th1sisMYPA55worD
TH1SISMYPA55WORD

This password does not meet the requirement because it is missing an Upper case character:

th1sismypa55word
Requires at least one character from each of the following sets:

- Upper case (A-Z)

- number (0-9)

Allowed:

- lower case (a-z)

Alphanumeric characters

Including special characters

The addition of special characters adds an additional degree of complexity to password security.

Any of these passwords can be used in this policy:

th1sisMYPA$$worD
th1sismypa$$word
TH1SISMYPA$$WORD

This password does not meet the requirement because it is missing a number and a special character:

thisismypassword
Requires at least one character from each of the following sets:

- Upper case (A-Z) or lower case (a-z)

- number (0-9)

- special character

Alphanumeric characters

Requires at least one Upper case character
Including special characters

The addition of special characters and the upper/lower case requirement adds a high degree of complexity to password security.

These passwords are not the same, and each can be used in this policy:

th1sisMYPA$$worD
TH1SISMYPA$$WORD

This password does not meet the requirement because it is missing an Upper case character:

th1sismypa$$word

This password does not meet the requirement because it is missing a number and a special character:

ThisIsMyPassword
Requires at least one character from each of the following sets:

- Upper case (A-Z)

- number (0-9)

- special character

Allowed:

- lower case (a-z)