To configure the user security policy, do as follows:
- Go to Settings -> Options -> Security Policy (1-2).
- Set the minimum password length (3).
- Set the number of most recent passwords for each user to be stored (4 ). 0 – do not store password history. If this value is non-zero, passwords stored in history may not be reused.
- Set password expiration time interval in days (5). After the time interval expires, the user will be prompted to set a new password. 0 — the password never expires.
- If you need to put complexity requirements on passwords, check the corresponding box (6).
The requirements:- user name:
- must contain no less than 6 characters and at least 2 digits;
- must not include common role names, such as: admin, administrator, administrator1, root, super, superuser, supervisor.
- The password has to contain at least 8 characters, which must meet at least 3 requirements listed below:
- at least 1 capital letter;
- at least 2 lowercase letters;
- at least 3 digits;
- at least 4 special characters, such as: !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~
- user name:
- If you need to limit the number of sessions per user to one, check the corresponding box (7). This requirement also applies to web and mobile Clients.
- Set the number of failed login attempts to lock a user's account (8). 0 – no account locking on incorrect passwords.
- Set the duration of user account locking on failed login attempts, in minutes (9). 0 – the account can be unlocked by the administrator only.
- Click Apply.
Attention!
If any user accounts created in your system before you applied changes in security policy are incompatible with the new requirements, the users will be prompted to change their credentials upon their next login.
