Within the Administrative Console, we have made some notable changes in the Security section.
We have added a new sub-section, consolidated the password requirements, and added additional features.
Password Complexity
As you can see, we've compiled all of the password requirements in one place and added some new features.
You can now enable the following requirements:
- You can require passwords to contain at least one lowercase letter.
- You can require that passwords cannot contain the user's username.
- You can require that passwords cannot contain the user's full name.
In addition, we now allow you to decide how many requirements are necessary. For instance, you can enable five requirements. Then you can set it so that your users only need to abide by a combination of two of the requirements out of the five.
Password Management
We've revised this section in the following ways:
- The Password Expires option has been renamed to Maximum Password Age.
- You can now set a Minimum Password Age before users are allowed to reset their password.
Note: This does not affect the ability of the administrator to reset passwords for users.
Best Practices for Passwords
- The Minimum character length should be 7 characters
- Passwords should include three of the following:
Lowercase characters (a-z)
Uppercase characters (A-Z)
Numbers (0-9)
Symbols (@ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ “ ( ) ;) - Passwords should not include a dot character '.' immediately preceding the '@' symbol.
- The Maximum Password Age should be 90 days.
- Accounts should be locked out after a maximum of ten failed login attempts. (Set Lockout account after to 10.)
- The last password should not be used again when changing a password. (Set the Cannot reuse same password to 1.)
Still Have Questions?
If you need help or have additional questions, please contact us.
0 Comments