On the Security page in the Application menu,
an administrator can configure the security settings.
- Allow Autocomplete
- Select this option to enable the autocomplete login and password
on the login page in a browser.
- Allow Autologin
- Select this option to enable users to auto log in by using cookies.
- Display Lost Your Password
- Select this option to display the Lost Your Password link
on the login page.
- Login Delay
- Select the option to enable the delay option between every login
attempt. For each failed login attempt, the delays become longer:
- After the first attempt, the delay is 5 seconds
- After the second attempt, the delay is 15 seconds
- After the third attempt, the delay is 60 seconds
- After the fourth attempt, the delay is 5 minutes
- After five or more attempts, the delay is 1 hour
- Account Lockout
- Select this option to lock a user account if the user attempts
to log in and fails too many times.
- Force Password Change
- Select this option to force users to change their passwords the
first time that they log in.
- Password Minimum Length
- Configure the minimum length of passwords (3, 6, or 8 characters).
- Login Name Minimum Length
- Configure the minimum length of login names (2, 3, or 6 characters).
- Password Maximum Age
- Select this option to set passwords to expire after a set number
of days (1, 2, 3, 4, 5, or 6 months). A user must enter a new password
when the password expires.
- Password Quality
- Select this option to force users to set unique passwords.
- Basic: Select this option to make sure that the password
is not connected to user information. For example, the password cannot
be part of the user name, login name, or the user email address. The
password cannot be a word in the dictionary. If the password does
not meet the requirements, a warning message is displayed.
- Advanced: Select this option make sure that the password
meets both the basic password requirements and the following requirements.
If the password does not meet these requirements, a warning message
is displayed.
- When the password is spelled backward, it cannot be a word in
the dictionary
- The password cannot be like an old password.
- If the password is eight characters or less, it must contain at
least one special character
- If the password is more than eight characters, it must contain
at least two special characters
- Password Reuse
- Select this option (5, 10, or all) if you want the system to keep
the passwords for all users in its memory. Users cannot use a password
that are in the memory of the system.
- Override Incoming Links Access
- When you select this option, incoming links are displayed to the
user but the user cannot access them.
- Session Timeout
- Specify the amount of time that a user can be idle (1, 2, 4,
8, 12, or 24 hours) before the session ends.