Configuring Password Security
Use the Password Management page to set the level of password security for all Staff Manager users.
Only Enterprise Admin users can configure password security. Complete the following steps to configure password security:
- From the Configure menu, select App Settings > Password Management. The Password Management page opens.
- Enter a value for the Password must be at least X characters long option. The more characters a password has, the more secure it is. Suggested values are from 6 to 10 characters; the maximum length is 32 characters. Entering the numeral 0 turns this feature off.
- Select at least two of the three options under Password must be a combination of:
- Letters: Checking this box means passwords must contain any of the letters of the alphabet.
- Numbers: Checking this box means passwords must contain at least one number from 0 to 9.
- Special characters: Checking this box means passwords must contain at least one special character such as !, @, #, and $.
- Select the Password cannot contain user login name, first name, or last name check box to make passwords more secure by preventing users from creating passwords containing their first, last, or login names.
- Enter a value for the Expires in X days option. Changing passwords on a regular basis increases security. Suggested values are from 30 to 180 days. Entering a value of zero (0) turns this feature off.
- Enter a value for the Expire warning within X days option. Entering a value in this option alerts users when their passwords are going to expire. Suggested values are from 3 to 10 days. Entering the numeral 0 turns this feature off.
- Enter a value for the User is locked out after X failed attempts option. Entering a value here makes the application more secure by preventing unlimited login attempts by unauthorized personnel. Suggested values are from 3 to 5 attempts. Entering the numeral 0 turns this feature off.
- Enter a value for the User is locked out after X days of inactivity option. Entering a value in this option makes the application more secure by preventing unlimited access over time. Suggested values depend on how often you expect employees to log into the application; some organizations might lock users out after seven days of inactivity, while other organizations might lock users out after 30 days of inactivity. Entering the numeral 0 turns this feature off.
- Select Enable user security questions to let users answer security questions to give them access to the application if they forget their passwords.
- Click Save Changes to save your changes or Reset to restore the original settings.
Related Topics