Versions Compared

Old Version 3

changes.mady.by.user Evgeniya Kononova

Saved on

compared with

New Version 4

changes.mady.by.user Alena Kniazeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Go to Settings -> Options -> Security policy (1-2).
  2. Set the minimum password length (3).
  3. Set the number of the most recent passwords for each user to be stored in history(4). 0 – do not store password history. If this value is non-zero, the passwords stored in history may not be reused.
  4. Set the password expiration time interval in days (5). After the time interval expires, the user will be prompted to set a new password. 0 – the password never expires.
  5. Select the positions to meet complexity requirements: nothing, password only, user name and password (6).
    The requirements:
    1. user name:
      1. must should contain no less than 6 characters and at least 2 digits;
      2. must should not include common role names, such as: admin, administrator, administrator1, root, super, superuser, supervisor.
    2. The password has to should contain at least 8 characters, which must should meet at least 3 requirements listed below:
      1. at least 1 capital letter;
      2. at least 2 lowercase letters;
      3. at least 3 digits;
      4. at least 4 special characters, such as: !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~
  6. If you need to limit the number of sessions per user to one, check set the corresponding box checkbox (7). This requirement also applies to web and mobile Clients.

  7. Set the number of failed login attempts to lock a user's account (8). 0 – no account locking on incorrect passwords. If this value is non-zero, when a new user is created, they will be given the name User with a random number from 10000 to 99999. The name can be changed in the user settings.

    Note
    titleAttention!

    When unblocked, the user is offered only one authentication attempt. A successful authentication will reset the failed attempts counter to zero, otherwise the user account will be blocked again.


  8. Set the duration of user account locking on failed login attempts , in minutes (9). 0 – the account can be unlocked by the administrator only (see Locking a user account).
  9. Click the Apply button.
Note
titleAttention!

If any user accounts created in your system before you applied changes in security policy are incompatible with the new requirements, the users will be prompted to change their credentials upon their next login.

...