System: Password Policy

How to get there: Admin | System | System Settings | Password Policy

From this page, the user is able to determine the rules governing password creation and management.

The password policy can be defined as a system-wide policy: a single set of rules governing how passwords are created and used, applied across the whole system.

Alternatively, a set of rules for password creation and subsequent usage can be applied at user level, i.e. to specific users only, rather than to the whole system.

Note: The user level settings no longer apply to the system’s Web Client login.

Screen Layout and Fields

Minimum Password Length

From this field, the user can specify the minimum acceptable length of a password. The number entered here is the minimum number of characters that will be accepted as a password.

Force Number/Letter Combination

Tick this box to force a number/letter combination. Employees must then use a combination of letters and digits to make up a strong password. It is highly recommended that this option is selected.

Prevent Password Reuse

Tick this box to stop users from re-using their old passwords for a given number of password changes. For example, the user cannot use one of their last four passwords again.

Note: This setting depends on the value entered in the How Many Previous Passwords to Store field.

How Many Previous Passwords to Store

A value must be entered in this field if the Prevent Password Reuse field has been ticked.

If a value is not specified in this field, the system cannot Prevent Password Reuse, because it has no record of old passwords to compare the new password against.

To use the field, enter the number of passwords to store. For example, if a decision is made to store the last three passwords, enter the number 3.

Without a value in this field, the system will simply allow users to re-use old passwords.

Case Sensitivity

From this field, case sensitivity can be specified. If ticked, users must type their passwords in the exact case used when the password was set up, i.e. upper-case or lower-case.

For example, if the password was set as W3LcomE with case sensitivity selected, the user would have to enter W3LcomE to secure access. If this option wasn’t selected, any variation of upper- and lower-case letters would be acceptable, for example W3LCOME, w3lcome, w3LCOME etc.

If this rule is implemented, ensure that your users are aware of it, as they may struggle to access the system if they forget where they used upper- and lower-case characters.

System Level Password Policy

Select this option if the system-wide password policy is being implemented.

Password Never Expires

Tick this option if the password will never expire, i.e. a user will never need to change their password.

If this setting is not ticked, the system takes this as an implicit rule that the password will expire after a set number of days has elapsed (see Password Valid For below).

Password Valid For

The number of days that the password is valid for, i.e. how many days will pass before users are required to reset their password.

Web Timeout

The amount of inactive time (in minutes) before the Web Client automatically logs out the user, requiring them to log back on with their user ID and password in order to access the system.

Retries

This field sets the maximum number of wrong password entries allowed before the system locks an account. The number of retries can be a number from 1-10. For example, if the value 3 is entered, system users will only be allowed to get their password incorrect three times before they are locked out (see below).

Lockout

When the user logs in incorrectly, the username is logged as detailed above in the Retries section. If the user attempts to log in multiple times within the Lockout period without logging in correctly, that username will be disabled for the period of time specified in this field. This will affect the user regardless of whether the username is valid or not. The lockout period is a time from 0-99 minutes; the default is 15 minutes. When the lockout period is set to 0, this feature is effectively disabled.
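
The Retries and Lockout behaviour described above, modelled as an added Python example (not the product's own code). It assumes that the failed attempt which reaches the Retries value triggers the lock, that the Lockout period serves as both the counting window and the lock duration, and that a successful login clears the count; the class and method names are hypothetical.

```python
from collections import defaultdict, deque


class LockoutTracker:
    """Illustrative model of the Retries and Lockout fields (hypothetical names)."""

    def __init__(self, retries=3, lockout_minutes=15):
        if not 1 <= retries <= 10:
            raise ValueError("Retries must be a number from 1-10")
        if not 0 <= lockout_minutes <= 99:
            raise ValueError("Lockout must be 0-99 minutes")
        self.retries = retries
        self.period = lockout_minutes * 60   # seconds; 0 disables lockout
        self.failures = defaultdict(deque)   # username -> failure times
        self.locked_until = {}               # username -> unlock time

    def is_locked(self, username, now):
        return now < self.locked_until.get(username, 0)

    def record_failure(self, username, now):
        """Log a wrong password; return True if the username is locked."""
        if self.period == 0:
            return False
        if self.is_locked(username, now):
            return True
        recent = self.failures[username]
        recent.append(now)
        # Assumption: only failures inside the lockout period count.
        while now - recent[0] >= self.period:
            recent.popleft()
        if len(recent) >= self.retries:
            # The key is the typed username, whether it is valid or not.
            self.locked_until[username] = now + self.period
            recent.clear()
            return True
        return False

    def record_success(self, username):
        self.failures.pop(username, None)    # assumption: success resets count


def demo():
    """Constructed input: three failures, one minute apart, unknown username."""
    t = LockoutTracker(retries=3, lockout_minutes=15)
    hits = [t.record_failure("no.such.user", s) for s in (0, 60, 120)]
    return hits, t.is_locked("no.such.user", 121), t.is_locked("no.such.user", 1020)
```

Timestamps are passed in as seconds so the model can be exercised without waiting; `demo()` shows the lock being applied on the third failure and released once the 15-minute period has passed.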

Screen Actions

Save

Select Save to keep changes.

Refresh

Select Refresh to revert to the unsaved state and remove any unwanted changes.